As part of a security audit, the customer wanted to know how to disable impersonation, or how to determine whether it is or could be in use. The customer does not use or plan to use impersonation, but the security team needed verification steps.
SiteMinder R12 any release
Any OS
At its core, the impersonation configuration depends on a specific Impersonation auth scheme. This auth scheme uses a specific library to support the impersonation functionality, so removing this library will prevent impersonation from ever being implemented.
Library name: smauthimpersonate
To verify that impersonation is not configured in an existing environment, check for the following:
- Any auth scheme configured with the smauthimpersonate library
- Any policies with rules in place for Impersonation: ImpersonateStart and ImpersonateStartUser
- Verify that existing .fcc or other pages do not have the Impersonation directives added at the top of the page: @smpushsession and @smpopsession
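
The file-system part of these checks can be scripted. The following is an added example, not part of the original article or the product: it walks a directory tree, reports files whose name contains the library name, and reports pages containing either directive. The extension list, the case-insensitive matching and the sample file names are assumptions; it does not inspect auth schemes or policy rules.

```python
import os
import re
import tempfile

# Names taken from the article; case-insensitive matching is an assumption.
DIRECTIVE_RE = re.compile(r"@sm(?:push|pop)session", re.IGNORECASE)
LIBRARY_TOKEN = "smauthimpersonate"
# File extensions treated as pages (assumed list; extend for your site).
PAGE_EXTS = {".fcc", ".html", ".htm", ".jsp", ".asp"}


def audit_tree(root):
    """Return (library file paths, (path, line number, directive) hits) under root."""
    library_files, directive_hits = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            if LIBRARY_TOKEN in name.lower():
                library_files.append(rel)
            if os.path.splitext(name)[1].lower() not in PAGE_EXTS:
                continue
            # latin-1 decodes any byte, so an odd encoding cannot hide a hit.
            with open(path, encoding="latin-1") as fh:
                for lineno, line in enumerate(fh, 1):
                    for m in DIRECTIVE_RE.finditer(line):
                        directive_hits.append((rel, lineno, m.group(0).lower()))
    return sorted(library_files), sorted(directive_hits)


def demo():
    """Audit a small constructed tree (sample data, not real SiteMinder files)."""
    samples = {
        "forms/login.fcc": "<html>plain login form</html>\n",
        "forms/start.fcc": "\n@SMPushSession\n<html></html>\n",
        "forms/end.FCC": "@smpopsession\n",
        "bin/libsmauthimpersonate.so": "",
        "bin/notes.txt": "@smpushsession\n",  # not a page extension: ignored
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, text in samples.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w", encoding="latin-1") as fh:
                fh.write(text)
        return audit_tree(root)
```

Point `audit_tree` at the Policy Server and Web Agent installation directories; two empty lists mean neither the library nor the directives were found in the scanned tree.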