ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Impersonation not working on some versions of agents


Article ID: 36579


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On



Several clients have reported that, upon upgrading Siteminder to 12.52, Apache agents stop working on Impersonation.




Web agent defect.


Upon investigation, it looks like during the startimpersonation process,  the "smsavedsession" is not getting generated as a cookie. This will prevent the impersonator from being able to logout.

Smsavedsession is generated only when the impersonation session starts. The Web Agent moves the existing SMSESSION to SMSAVEDSESSION and sets a new SMSESSION cookie equal to the new session spec due to a @pushsession directive in the FCC.

This was identified as a defect in several versions of R12.51 and R12.52 agents, impacting both IIS and Apache. The client needs to either get the development fix or wait for the latest 12.52 SP1CR4 patches.

However, the same use case works on agents prior to the R12.5 release.

Additional Information:

WEBAGENT R12.52 SP01 CR04 release note contains fix for:

RTC 160850 / DE102716  The Impersonation flow fails when the FCC Compat mode is set to YES.


Component: SMPLC