Symantec Access Management

Customer wants to access/have both Impersonator and Impersonatee sessions active on the same browser at a time(meaning they will navigate back and forth between Admin application as an Admin user and End user application as End user).

If I am not wrong, according to the current design you cannot get back to Impersonator’s original session unless you end impersonation session.

Is it feasible to achieve this use case ? 

Thanks

Ashok

I do not think this is possible.

By design, once Impersonator impersonates another user,  Impersonatee session was created as new smsession cookie, the old smsession cookie becomes SMSAVEDSESSION cookie.
When accessing a protected resource, the smsession will be checked or validated.
If you access Impersonator's original resource, you should get AzReject error 403 from poliy server, which means Impersonatee does not have the rights to access it.

You should always ends Impersonatee session before going back to Impersonator resource.

Hongxu

It's not possible to achieve what you are looking. 

Thank you Ujwol and Hongxu.

Is it a valid enhancement request, as this request came from a customer and sounds reasonable from Administrator perspective ?

I understand the product feature and the methodology which SM follows to provide this feature, this might be a complete redesign of the Impersonation feature.

Hi Ashok,

I don't think this functionality will add much value considering the amount of changes it will need in the current design.

Client can simply open two different browser session one each for Impersonator and Imoersonatee.

Regards,

Ujwol

Agree. Thank you Ujwol.