Monday, June 9, 2014

Impersonation feature for WebCenter Spaces 11.1.1.8 with Oracle Acess Mgr(OAM) 11gR2

What is Impersonation ? 
WebCenter Portal Impersonation lets a WebCenter Portal administrator or system administrator assign impersonation rights to a group of users ("impersonators"), such as support representatives or application administrators, so that they can impersonate another Portal user and perform operations as that user ("impersonatees"). This may be useful in the following instances:
  • A customer support representative may want to perform actions as another user in order to understand the issues being faced by that user
  • An administrator may want to perform operations on behalf of a user
  • A company executive may need to delegate someone to act on his or her behalf while away. (Source : Oracle Documentation)





Pre-requisites
1) WebCenter Spaces 11.1.1.8 +
2) Oracle Access Manager(OAM) 11.1.2 (11gR2+)
3) Setups need to be done in OAM , Webcenter Spaces application using EM , and in Oracle Internet Directory(OID) for the users (OID 11.1.1.7+)

Key Advantages -
1) Feature just needs to be configured as mentioned above . Effort is markedly less than implementing this feature in a custom manner using ADF/Web Technologies.
2) Feature once configured along with OAM can be monitored using OAM.
3) Out of the box UI are available and supported by Oracle , hence the solution is standardized.
4)Feature being a very common use case can be used to sell OAM and the Security Team has expertise in implementing it within a cpl of weeks.

Note 
  • After weeks of ado , I have got this up and running in our environments for Webcenter Spaces 11.1.1.8 which is Oracle's new way of developing webcenter portal applications.
  • But for a Custom Portal Application in 11.1.1.8, though Security Taskflows for Impersonation are available in Jdeveloper , Impersonation is not currently supported (Doc ID 1606526.1) but I have an ER open with Oracle [BUG 18882638 - ENABLE IMPERSONATION FOR WEBCENTER CUSTOM FRAMEWORK APS ]

Walkthrough of this new & exciting feaute via screenshots - 
1) Screen in WC Spaces / Custom Portal Security Taskflow to select impersonators. (Validations to prevent users not been setup as Impersonators available Out of the Box).




2) Search Impersonators screen .
Only those users who have been granted Impersonator access in OID can be searched here.






3)Selected Impersonator who can be given access rights for a time duration.




4) Once Switch User Link is clicked ( as in second image above) after logging in with the 

Impersonators credentials , the Impersonator is asked to enter your credentials as under.

5) Once logged in the Impersonation session is in progress. Remember - The impersonatee's credentials were not used at all !
Click on Stop Impersonation to return back 
to the Impersonator's home page.
6) Cool feature  !! Monitor the Impersonation session as an Admin in OAM Console as below

Reference