Sample Implementation of Impersonation

This section contains a description of a simple implementation of impersonation. The minimum Policy Server objects required to implement impersonation are:

Infrastructure Objects:
Agent

Impersonation requires a Web Agent and its associated Policy Server Agent object.

Note: To implement impersonation, you must have at least one CA SiteMinder® Web Agent installed in your deployment. For more information on installing a Web Agent, see the Web Agent Installation Guide.

Authentication Scheme

An impersonation authentication scheme based on the Impersonation Authentication Scheme Template is required. For the sample defined in this section, the authentication scheme is named "Impersonation Auth".

User Directory

Impersonation requires one or more user directory objects that point to user stores containing impersonators and impersonatees. The two populations of users should be distinguishable by an attribute value or group membership.

Domain

A policy domain is required. For the sample defined in this section, the policy domain is named "Impersonation Domain".

Domain Objects:
Realms

For the sample described in this section, two realms are required: "Impersonation" and "App1". The "Impersonation" realm should use the "Impersonation Auth" authentication scheme. The "App1" realm can use any authentication scheme.

Rules

For the sample described in this section, you must configure a rule under the "Impersonation" realm that allows access to all resources for the "Get" action. In other words, an asterisk should be entered in the Resource field for the rule. You must also configure the rules for the impersonation events. One rule allows impersonation if the impersonator is included in an applicable policy, and the other rule allows an impersonatee to be impersonated if included in a different, applicable policy.

Rules

A set of rules similar to those in the "Impersonation" realm should be created under the "App1" realm.

Policies

For the sample described in this section, six policies are needed. One policy must be defined for each rule in the "Impersonation" realm, and one policy must be defined for each rule in the "App1" realm.