Matthias X Falkenberg commented on May 7, 2012

Re: Managing Enterprise Portals with User Impersonation

Hello Chethankumar,

The out-of-the-box portlet relies on the Impersonation API. Therefore, you should be fine using it for your custom impersonation portlet as well. But from the top of my head I have one recommendation. The portlet should not enable an impersonated user to perform an impersonation. That is, the portlet should check whether the current user is already an impersonated user, for example, by looking for the OriginalUserCredential in the subject.

In the past there were issues with impersonation in cluster setups (for example, PM34927). For this reason, I recommend you to install the latest fix pack and the latest cumulative fix available for your Portal version.

Your portlet can determine the page the impersonated user is forwarded to. I would imagine that a custom impersonation portlet has a button to start the impersonation via action request. The corresponding action response allows the portlet to send a redirect (see also javax.portlet.ActionResponse.sendRedirect(String)).

Please also consider using the developerWorks WebSphere Portal forum for questions about User Impersonation that are not in the scope of this article. It is available at

Kind regards,


chethankumar mahadevappa commented on Apr 12, 2012

Re: Managing Enterprise Portals with User Impersonation

Thanks ..Its a good post . We have a requirement to customize the impersonation and hence cant use Out of Box portlet . Any Implications if i use API and Impersonation service to meet my requirements in large enterprise cluster portal? Any known bugs or issues? How i can control the navigation when i click on a user whom i need impersonate as ? For Example , If i search User X , and click on that user Id ,how i can control the navigation like what user need to see or what page it should be navigated to?Looks like i need to Use Impersonation API's . Please share some thoughts. Thanks.