How Session Impersonation works in OAM

Session Impersonation allows an end user to designate one or more users to act on his/her behalf within a constrained window of time.

OAM Session Impersonation Use Case

A. Apply latest bundle patch (Recommended)
– BP10 (22116468) Pre-req: shut down AdminServer, oam_server1

B. Add Impersonation object class/attributes to OUD using ODSM
Impersonation object class : orclIDXPerson
Attributes : orclImpersonationGrantee and orclImpersonationGranter

C. Add impersonation object class – orclIDXPerson – to two users – pennie and rajesh – to demonstrate impersonation functionality.
In reality, the entire user population in the OUD will have this object class – orclIDXPerson.

D. Obtain the entryUUID and orclGUID of the impersonator (rajesh)
cd /d01/Weblogic/FMW/asinst_1/OUD/bin

./ldapsearch -p 1389 -b "uid=rajesh,ou=People,dc=oud,dc=com" -s base -D "cn=Directory Manager" -w Oracle123 "(objectclass=*)" orclguid entryuuid

orclguid: 43ce0ed15c5c31a7879fdad695b4d21e

E. Locate the optional orclImpersonationGrantee attribute on the impersonatee (pennie) and add the impersonator's orclguid value to it, in the format below. Multiple impersonators are separated by semicolons.


orclguid of impersonator(rajesh)|start_date|end_date;impersonator2|start_date|end_date;impersonator3|start_date|end_date


Verify: ./ldapsearch -p 1389 -D "cn=Directory Manager" -w Oracle123 -b "uid=pennie,ou=People,dc=oud,dc=com" "objectclass=*" orclImpersonationgrantee

F. Set EnableImpersonation to true in oam-config.xml

cd /d01/Weblogic/FMW/user_projects/domains/OAMDomain/config/fmwconfig/
vi oam-config.xml
Change the value of EnableImpersonation to true.

G. Enable "Allow Session Impersonation" at the Application Domain level.

H. Restart oam_server1, the OUD instance, AdminServer and the web server (the one hosting the WebGate).

I. Log in as the impersonator (rajesh), access an OAM-protected resource, and open a new tab with the URL below:
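
To review the grants stored in the step E format, the following Python sketch (an added example, not part of the original post or of OAM) parses an orclImpersonationGrantee value and classifies each grant as active, expired, not yet active, too long or malformed. The timestamp format (LDAP generalized time in UTC), the 7-day MAX_WINDOW limit and every sample entry other than rajesh's orclguid are assumptions.

```python
from datetime import datetime, timedelta, timezone

# Assumption: start/end dates are LDAP generalized time in UTC (YYYYMMDDhhmmssZ).
TS_FORMAT = "%Y%m%d%H%M%SZ"
MAX_WINDOW = timedelta(days=7)  # hypothetical local policy limit, not an OAM setting

def parse_ts(text):
    return datetime.strptime(text.strip(), TS_FORMAT).replace(tzinfo=timezone.utc)

def audit_grantee(value, now, max_window=MAX_WINDOW):
    """Return (guid, status) for each grant in an orclImpersonationGrantee value."""
    findings = []
    for entry in filter(None, (e.strip() for e in value.split(";"))):
        parts = entry.split("|")
        if len(parts) != 3:  # expected guid|start_date|end_date
            findings.append((entry, "malformed"))
            continue
        guid, start_raw, end_raw = parts
        try:
            start, end = parse_ts(start_raw), parse_ts(end_raw)
        except ValueError:
            findings.append((guid, "bad-timestamp"))
            continue
        if end <= start:
            status = "inverted-window"
        elif end - start > max_window:
            status = "window-too-long"
        elif now >= end:
            status = "expired"
        elif now < start:
            status = "not-yet-active"
        else:
            status = "active"
        findings.append((guid, status))
    return findings

# Constructed sample value; only the first orclguid (rajesh) comes from the page.
SAMPLE = (
    "43ce0ed15c5c31a7879fdad695b4d21e|20160301000000Z|20160303000000Z;"
    "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa|20160101000000Z|20170101000000Z;"
    "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb|20160201000000Z"
)

if __name__ == "__main__":
    now = datetime(2016, 3, 2, 12, 0, tzinfo=timezone.utc)
    for guid, status in audit_grantee(SAMPLE, now):
        print(f"{guid}: {status}")
```

Feed it the attribute value returned by the verify search in step E, and adjust TS_FORMAT if your directory stores the dates differently.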
