Symantec Access Management

 View Only
  • 1.  SiteMinder Agent for WebSphere and Impersonation

    Posted Jun 06, 2017 02:24 PM

    Does SiteMinder Trust Association Interceptor (TAI) in Agent for WebSphere 12.0 SP02 support impersonation? TEC491573 (last modified on 11/29/2012) states, "No, the SiteMinder Agent for IBM WebSphere does not support Impersonation" but does not give version information. And while the documentation for 12.0 SP02 states that impersonation is not supported when talking about the SiteMinder JACC Provider, it does not mention the TAI specifically. (We are using the TAI.)


    If the SiteMinder TAI itself does not directly support impersonation, will it handle a SiteMinder session that already contains the impersonated session (e.g., an impersonation session authorized and created by a custom third-party agent on a proxy/gateway in front of WebSphere's Apache Web Front End (WFE), and that WFE has a SiteMinder Web Agent on it)?


    If SiteMinder Agent for WebSphere 12.0 SP02 does not support impersonation in any form, is support for impersonation on its roadmap?

  • 2.  Re: SiteMinder Agent for WebSphere and Impersonation
    Best Answer

    Broadcom Employee
    Posted Jun 06, 2017 04:48 PM

    I really doubt SiteMinder Trust Association Interceptor (TAI) in Agent for WebSphere 12.0 SP02 can support impersonation.

    I have never heard people requesting it or actually using TAI successfully with impersonation.

    With normal TAI, the user id in the transaction has to be mapped to WebSphere side identity, which is already complicated.

    For impersonation to work, there has to be a list of configurable items on application domain side and sequence of events, this is not simple to implement I imagine.


    If you really want it, I would suggest open a new idea (instead of discussion) in this community, then let CA product management to comment further on it.