Issue
- Admin users are unable to impersonate other users.
- When attempting to impersonate, a new tab opens, but it remains on the original user.
- Impersonation attempts fail, the `doAsUserId?` is missing from the URL.
Environment
- Liferay DXP 7.4 +
Resolution
-
Start the bundle and navigate to Control Panel > Instance Settings >> Instance Configuration >> General, you'll notice two fields:
- Home URL
- Default Logout Page
-
These URLs can use a servlet that is mapped to a Friendly URL Servlet like `/web/*`
-
These URLs should not be mapped to need to a servlet mapped to a Main Servlet, as defined in shielded-container-web.xml
<servlet-mapping> <servlet-name>Main Servlet</servlet-name> <url-pattern>/c/*</url-pattern> </servlet-mapping> -
This is the same for the portal-ext.property `portal.impersonation.default.url=`
Using /c/*, the impersonation request will not be completed. A new tab opens, but remains on the “users and user group” page as the original account. See the following tests:
❌ Scenario 1:
portal.impersonation.default.url= /c/portal/login
Home URL = /c/portal/login
❌ Scenario 2:
portal.impersonation.default.url= /c/portal/login
Home URL = empty
❌ Scenario 3 (client’s setup, verified)
portal.impersonation.default.url=/web/guest
Home URL = /c/portal/login
✅ Scenario 4:
portal.impersonation.default.url=/web/guest
Home URL =/web/guest
✅ Scenario 5:
portal.impersonation.default.url=/web/guest
Home URL = empty - After removing
/c/portal/loginfrom the “Home URL” and “Default Logout Page”, the administrator should be able to impersonate other users.