This plugin allows certain users to assume the identity of another user. A privileged user first logs in with its real account and can then choose another profile to appear as. This feature can be especially useful for training/learning or development platforms.
<divclass="noteimportant">This plugin should not be used on production instance, prefer <ahref="contextswitching.html"class="wikilink1"title="documentation:2.0:contextswitching">ContextSwitching plugin</a>.
Just enable it in the Manager (section “plugins”) by setting a rule. Impersonation can be allowed or denied for specific users. Furthermore, specific identities like administrators or anonymous users can be protected from being impersonated.
<liclass="level2"><divclass="li"><strong>Identities use rule</strong>: Rule to define which identities can be assumed. Useful to prevent impersonation of certain sensitive identities like CEO, administrators or anonymous/protected users.</div>
<liclass="level2"><divclass="li"><strong>Merge spoofed and real <abbrtitle="Single Sign On">SSO</abbr> groups</strong>: Can be useful for administrators to keep higher privileges. "Special rule" field can be used to set <abbrtitle="Single Sign On">SSO</abbr> groups to merge if exist in real session. Multivalue <code>separator</code> is used. By example : <code>su; admins; anonymous</code></div>
Keep in mind that real session is computed first. Afterward, if access is granted, impersonated session is computed with real and spoofed session attributes if Impersonation is allowed.
impersonationPrefix is used to rename user's real profile attributes. You can set real attributes prefix ('real_' by default) by editing <code>lemonldap-ng.ini</code> in section [portal]: