By configuring a series of Policy Server objects, you can allow privileged users to impersonate other users. This feature is useful in situations where a helpdesk or customer service representative must troubleshoot problems for a customer, or when an employee is out of the office. Part of the impersonation process requires an impersonation authentication scheme, which allows a privileged user to begin the impersonation process, identify the user to be impersonated (the impersonatee), and establish an impersonation session. This authentication scheme is similar to the HTML Forms authentication scheme.
Verify that the following prerequisites are met before configuring an Impersonation authentication scheme:
For general details about composing .fcc files, see SiteMinder FCC Files. For information about specific .fcc file requirements for impersonation, see Enable Impersonation through an .fcc File.
These libraries handle authentication processing. These files are installed automatically when you install the Policy Server.
Note: Directory mapping does not support impersonation. The impersonatee (the user being impersonated) must be uniquely present in the authentication directories that are associated with the domain, or the impersonation fails.
You use an Impersonation authentication scheme to let privileged users impersonate other users.
Note: The following procedure assumes that you are creating an object. You can also copy the properties of an existing object to create an object. For more information, see Duplicate Policy Server Objects.
Follow these steps:
The Authentication Schemes page appears.
Verify that the "Create a new object of type Authentication Scheme" option is selected.
The Create Authentication Scheme page appears.
Note: Click Help for descriptions of settings and controls, including their respective requirements and limits.
Scheme-specific fields and controls appear.
Note: Click Help for descriptions of settings and controls, including their respective requirements and limits.
The authentication scheme is saved and can be assigned to a realm.
Copyright © 2013 CA.
All rights reserved.