Using switch user

About this task

When the configuration steps in the previous section have been completed, WebSEAL administrators can use the switch user function.

To use the switch user function, complete the following steps:

Procedure

  1. Log in as a user who has permission to access the switch user function.

    This function is usually accessed by administrators. The user must be a member of the su-admins group.

  2. Request the switch user HTML form.

    The default file name is switchuser.html. For information about this file, see Configuring the switch user HTML form.

  3. On the form, specify:
    • The name of the user identity that you want to assume.
    • A destination URL.
    • An authentication method.

    This action results in a POST request being sent to /pkmssu.form. WebSEAL sends a redirect to the browser for the destination URL supplied in the switch user form. The request is processed using the user's credential, and the URL is accessed.

    Note: The pkmssu.form management page is a management command to the WebSEAL server. It is not represented in the object space and you cannot attach policies to it.
  4. Make other requests as necessary.

    All authorization decisions for these requests are based on the credential of the user.

  5. When finished, end the switch user session by using the standard Security Access Manager /pkmslogout utility.

Results

For more information on how the switch user function works, see Overview of the switch user function.