Symptoms: 

Several clients have reported that, upon upgrading Siteminder to 12.52, Apache agents stop working on Impersonation.

Environment:  

Windows/Unix

Cause: 

Web agent defect.

Resolution/Workaround:

Upon investigation, it looks like during the startimpersonation process,  the "smsavedsession" is not getting generated as a cookie. This will prevent the impersonator from being able to logout.

Smsavedsession is generated only when the impersonation session starts. The Web Agent moves the existing SMSESSION to SMSAVEDSESSION and sets a new SMSESSION cookie equal to the new session spec due to a @pushsession directive in the FCC.

This was identified as a defect in several versions of R12.51 and R12.52 agents, impacting both IIS and Apache. The client needs to either get the development fix or wait for the latest 12.52 SP1CR4 patches.

However, the same use case works on agents prior to the R12.5 release.

Additional Information:

WEBAGENT R12.52 SP01 CR04 release note contains fix for:

RTC 160850 / DE102716  The Impersonation flow fails when the FCC Compat mode is set to YES.