Previous Topic: Security Considerations for Impersonation

Next Topic: Session Idle Timeouts

Effects of Authentication Scheme Protection Levels

While impersonating a user, the protection level at which an impersonator originally authenticated will not be checked. Normally, when accessing resources in a new realm protected by an authentication scheme at a higher level, the user would be challenged for new credentials. However, since an impersonator should be a privileged user, these types of challenges will not occur during an impersonation session. Protection levels are meant to indicate the strength of credentials used to access resources in a realm. In the case of impersonation, there are no credentials specific to the user being impersonated, therefore protection levels are not considered.

Note: Once the impersonated session ends, protection levels are once again enforced normally.


Copyright © 2010 CA. All rights reserved. Email CA about this topic