Use switch user
When the configuration steps in the previous section have been completed, WebSEAL administrators can use the switch user function.
To use the switch user function, complete the following steps:
Steps
- Log in as a user who has permission to access the switch user function.
This function is usually accessed by administrators. The user must be a member of the su-admins group.
- Request the switch user HTML form.
The default file name is switchuser.html. For information about this file, see Configure the switch user HTML form.
- On the form, specify:
- The name of the user identity to assume.
- A destination URL.
- An authentication method.
This action results in a POST request being sent to /pkmssu.form. WebSEAL sends a redirect to the browser for the destination URL supplied in the switch user form. The request is processed using the user's credential, and the URL is accessed. The pkmssu.form management page is a management command to the WebSEAL server. It is not represented in the object space and we cannot attach policies to it.
- Make other requests as necessary.
All authorization decisions for these requests are based on the credential of the user.
- When finished, end the switch user session using the standard Security Verify Access /pkmslogout utility.
For information on how the switch user function works, see Overview of the switch user function.
Parent topic: Switch user authentication