To my knowledge, impersonation is not supported in the getSSOData method; but I might have missed something. This observation is consistent with the information you provided where you seem to recently added a second application and you’re now having to deal with this for the first time so I’m assuming the method in question also never worked for you.
As an additional note and based on a quick test you should be able to leverage an existing session started with impersonation if you make use of prompt=none request to the /authorize endpoint. For more information on this see: