How to integrate the impersonation API with SAML
Applies to
HCL Digital Experience v9.5 and Higher
Introduction
When an HCL Digital Experience (DX) deployment is configured with SAML for Single Sign-On (SSO), the user impersonation feature may fail to function as expected. This behavior occurs due to specific security processing conflicts within the underlying application server. This article outlines the steps required to enable the impersonation API to work alongside a SAML configuration.
Instructions
To enable user impersonation within a SAML-configured environment, you must remove the com.ibm.websphere.security.InvokeTAIbeforeSSO security custom property. Refer to the following steps to remove this custom property:
- Log in to the IBM WebSphere Integrated Solutions Console as the WebSphere administrator.
- Navigate to Security > Global security > Custom properties.
- Select the com.ibm.websphere.security.InvokeTAIbeforeSSO property.
- Click Delete.
- Click Save at the top of the console messages.
- On clustered on-premise environments, synchronize the changes with all the nodes.
- Restart the environment to apply the changes:
- Containerized environments: Restart the
dx-corepods. - Clustered on-premises environments: Restart all nodes, including the Deployment Manager (Dmgr) node.
- Containerized environments: Restart the