
Impersonateuser

Status
Not open for further replies.

nathalielim

Programmer
Jan 18, 2012
18
SG
Hi,

What does impersonateuser mean, and when do we use it?

 
In Livelink, it is used when integrators want to provide a seamless experience. For example, suppose the Livelink server was one that DID NOT SUPPORT directory authentication (there are very few of that kind nowadays). In that case, when you write a LAPI/websvcs app, this probably means that each user coming into Livelink needs to come in with a userid/password, but in many cases when you write things in Windows or Unix you have a userid that is part of an environment variable. Along with that, if you can secure yourself a session into Livelink with a credential like 'Admin', which is just any user with 'SA' privs on their profile, you can "technically impersonate" anybody you want. So it helps in creating a seamless experience if both your app and the Livelink app did not talk to the same directory service for authentication. When a session is impersonated, Livelink code now acts as the impersonated user and all activity is audited as the new user. The programmer is responsible for killing the impersonated session as soon as it is practical to do so.
Most companies out there who know Livelink will not give out a credential with SA, because it is akin to asking the Unix admin "can I use root?" or an SAP Basis guy "can I get an ID with SAPall?". Integrations should IMHO use external directory services authentication for SSO.
If the userid that is used to create the impersonation leaks out, then somebody can use those elevated privs to compromise Livelink.
In LAPI there is also a method called use the cookie. If you know how cookies work, cookies are issued by the webserver to the client machine, so after an initial successful login you can use that cookie to gain entry into Livelink. Some people mistakenly think of taking that and using it from another machine, but that is not the intention and OT is smarter than that.

While not exactly impersonation, read what I wrote in my blog on how to properly implement Single Sign On with Livelink. In that I mention impersonation as well.



Well, if I called the wrong number, why did you answer the phone?
James Thurber, New Yorker cartoon caption, June 5, 1937
Certified OT Developer, Livelink ECM Champion 2008, Livelink ECM Champion 2010
 