The FCC that begins the impersonation process must also include the @smpushsession=true directive, which instructs the Web Agent to save the current session cookie contents in another cookie so that the session cookie can now hold the session spec of the impersonated user.
The proper credentials must be presented to the Web Agent processing the impersonation authentication scheme in order for authentication to take place. The username should be the username of the user to be impersonated. The password should be set to the session spec of the impersonator, pre-pended, if necessary, with additional attributes. The FCC's facility for substituting the contents of cookies or headers into directives at the time the form is posted should be used for this purpose. Using this facility, the FCC sets the @password directive to the Users Session Specification along with other data if necessary. For more information on .fcc files, see HTML Forms Authentication Schemes.
To end the impersonation process, another .fcc file can be included in the realm protected by the impersonation authentication scheme. This .fcc file should set the @target directive to point to a resource in the restricted realm that was used to begin the impersonation process. In addition, the @smredirect directive should be set to the same resource in order force an end for the authentication process. Finally, the @smpopsession=true directive should be used to restore the original session cookie.
Copyright © 2010 CA. All rights reserved. | Email CA about this topic |