10.6.2 Configuring SSO to Self Service Password Reset Through Access Gateway

  1. Create a path-based multi-homing proxy service for the reverse proxy b2cproxy created in Step 1. Specify /sspr in Path while creating the proxy service.

    For information about how to create and configure a proxy service, see Creating a Proxy Service and Configuring a Proxy Service.

  2. Create a protected resource for the proxy service created in Step 1. Specify /sspr/* in URL Path while creating the protected resource.

    Do not assign a contract to this protected resource. Without a contract, users who have not authenticated can reach the self-registration and password reset pages.

    For information about how to create a protected resource, see Setting Up a Protected Resource.

  3. Create another protected resource for the proxy service created in Step 1. Specify /sspr/private/* in URL Path while creating the protected resource. Assign the Secure Name/Password - Form contract to this protected resource so that only authenticated users can access it. Ensure that Satisfiable by Contracts of Equal or higher level is enabled for the Secure Name/Password - Form contract.

    For information about how to create a protected resource, see Setting Up a Protected Resource.

  4. Create an identity injection policy and assign it to the protected resource created in Step 3. Choose Inject into Authentication Header in Action while creating the identity injection policy.

    For more information about how to create and assign an identity injection policy, see Configuring Identity Injection and Assigning an Identity Injection Policy to a Protected Resource.

    Perform the following steps when you configure the authentication header policy:

    1. In User Name, select Credential Profile and select LDAP User Name (the cn attribute of the user) in LDAP Credentials.

      For more information about how to configure the authentication header policy, see Section 8.4.3, Configuring an Authentication Header Policy.

    2. In Password, select Credential Profile and select LDAP Password in LDAP Credentials.

      For more information about how to configure the authentication header policy, see Section 8.4.3, Configuring an Authentication Header Policy.

      The following diagram shows how the identity injection policy appears in Access Gateway after configuration:

      Users can now access Self Service Password Reset at the following URLs:

      • Authenticated Users: https://www.b2c.com/sspr/private

      • Public Users: https://www.b2c.com/sspr/public/newuser/profile/General

    The following diagram shows how the protected resources appear in Access Gateway after configuration:
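
To confirm that the two protected resources behave as steps 2 and 3 intend, the following added example (not part of the product documentation) requests both URLs without a session and reports any path whose behavior differs from the expected one. The names `classify`, `probe`, `mismatches` and `EXPECTED` are hypothetical, and the rule that a login challenge is a 401/403 or a redirect leaving /sspr is an assumption about the deployment.

```python
import urllib.error
import urllib.request
from urllib.parse import urljoin, urlsplit

# URLs from the procedure above; the expected verdict follows from steps 2 and 3.
EXPECTED = {
    "https://www.b2c.com/sspr/public/newuser/profile/General": "served",
    "https://www.b2c.com/sspr/private": "auth-required",
}

def classify(url, status, location=""):
    """Label one response to a request sent without a session.

    Assumption: a contract-protected path answers with 401/403 or a redirect
    that leaves /sspr (the login flow); SSPR's own redirects stay under /sspr.
    """
    if status in (401, 403):
        return "auth-required"
    if 300 <= status < 400:
        path = urlsplit(urljoin(url, location)).path
        inside = path == "/sspr" or path.startswith("/sspr/")
        return "follow" if inside else "auth-required"
    return "served" if 200 <= status < 300 else "error"

class NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None  # surface each 3xx as HTTPError instead of following it

def probe(url, hops=5):
    """Request url with no cookies, following only redirects inside /sspr."""
    opener = urllib.request.build_opener(NoRedirect)
    for _ in range(hops):
        try:
            with opener.open(url, timeout=10) as resp:
                status, location = resp.status, ""
        except urllib.error.HTTPError as err:
            status, location = err.code, err.headers.get("Location", "")
        verdict = classify(url, status, location)
        if verdict != "follow":
            return verdict
        url = urljoin(url, location)
    return "error"

def mismatches(observed):
    """Return {url: (expected, observed)} for every URL that deviates."""
    return {u: (want, observed.get(u)) for u, want in EXPECTED.items()
            if observed.get(u) != want}

if __name__ == "__main__":
    bad = mismatches({u: probe(u) for u in EXPECTED})
    for u, (want, got) in bad.items():
        print(f"FAIL {u}: expected {want}, got {got}")
    raise SystemExit(1 if bad else 0)
```

A "served" verdict for the /sspr/private URL means the Secure Name/Password - Form contract is not being enforced on that path and the protected resource from step 3 should be rechecked.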