3.18 Configuring Extensions

This section discusses the settings that enable integrating SSPR with external Web authentication methods. You can integrate SSPR with NetIQ Access Manager. These settings are intended for developers and component integrators who integrate SSPR with other external sources and want to keep user sessions more secure.

To configure SSPR web services, perform the following steps:

  1. In Configuration Editor, click Settings > Web Services > Rest Services.

  2. Configure the following settings:

    Field

    Description

    Enable External Web Services

    Select this check box to allow public use of Web services. The form nonce is not required to invoke the Web services after enabling this feature.

    When this option is disabled, the form nonce is required to invoke all Web services. The form nonce is difficult to retrieve programmatically.

    Allow Web Services to Read Answers

    Select this check box to allow Web services to read the stored challenge/response answers of users. The answers are returned in the format of the hashing method that is in use.

    Enable Public Health and Statistics Web Services

    Select this check box to allow public use of the Health and Statistics web services. When this option is disabled, these services require authentication to retrieve the data.

    This option allows the use of web services without authenticating the user. This setting is required for the public (non-authenticated) page at /public/health.jsp to be functional.

    External Web Services Permissions

    Specify the LDAP query for the users who are allowed to execute the REST web services. You can also query for the users in a specific LDAP group.

    You can add the user search query by using the Add Filter or Add Group options.

    NOTE: If you want only specific users to use the SSPR REST services, you must specify the LDAP query for those users. However, if you are using the NetIQ IDM/OAuth Integration template, all users are allowed to execute the REST web services.

    Web Services Third Party Permissions

    Specify the query for users who are permitted to execute REST web services and are allowed to specify a third party by using the 'username' parameter.

    External Web Services Secret Key

    If you require the external web service client to provide a password when requesting SSPR web services, specify the password by using Store Value.

  3. Click the Save icon.

If you want to configure the web services for an external application, perform the following:

  1. In Configuration Editor, click Settings > Web Services > Rest Clients.

  2. Configure the following settings:

    Field

    Description

    External Token Destination Server URLs (Advanced)

    Specify a valid URL for the RESTful client API to allow flexibility in reading and in displaying the destination token addresses to the user.

    External Password Check REST Server URLs (Advanced)

    Specify the URLs for the RESTful client API to allow additional password rule validation for an application.

    External Macro REST Server URLs (Advanced)

    Specify the URLs for the RESTful client API to provide additional macro functions.

    The format of this setting must be @External<number>:<value>@, where number can be any number representing the order of the URL and value is the URL. For example, @External1:value@ corresponds to the first URL, @External2:value@ corresponds to the second URL, and so on.

    External Remote Responses REST Server URL

    Specify the URL for the RESTful client API to allow a remote service to provide challenge/response validation during forgotten password.

    This setting applies when the verification method is set to Remote Responses. You can navigate to that setting from Forgotten Password > Forgotten Password Profiles > [profile name] > Verification Methods.

    Web Service User Attributes

    Specify the user attributes that various web services use as part of the user’s data set.
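
The following check for the External Macro REST Server URLs format is an added example, not code from SSPR or its documentation. It finds @External<number>:<value>@ references in a template and reports references that are malformed or whose number has no URL in the configured list. It assumes number is the 1-based position in that list, leaves value uninterpreted, and applies an https-only rule as a local policy choice; the sample text and URLs are constructed.

```python
import re
from urllib.parse import urlsplit

# Well-formed reference as described above: @External<number>:<value>@
MACRO_RE = re.compile(r"@External(\d+):([^@]*)@")
# Anything that starts like an External macro, well-formed or not.
START_RE = re.compile(r"@External")

# Constructed sample data (not taken from any real deployment).
SAMPLE_TEXT = "Hello @External1:cn@ and @External3:mail@ and @External2:oops"
SAMPLE_URLS = [
    "https://macro.example.internal/a",   # position 1
    "http://macro.example.internal/b",    # position 2, plain http
]


def find_external_macros(text):
    """Return (number, value) for every well-formed reference in text."""
    return [(int(n), v) for n, v in MACRO_RE.findall(text)]


def lint_external_macros(text, configured_urls):
    """Return findings for External macro references found in text.

    configured_urls is the ordered URL list from the setting: number 1
    refers to the first URL, number 2 to the second, and so on.
    """
    findings = []
    well_formed = {m.start() for m in MACRO_RE.finditer(text)}
    for m in START_RE.finditer(text):
        if m.start() not in well_formed:
            findings.append(f"malformed macro at offset {m.start()}")
    for number, _value in find_external_macros(text):
        if number < 1 or number > len(configured_urls):
            findings.append(f"@External{number}: no URL at position {number}")
            continue
        url = configured_urls[number - 1]
        parts = urlsplit(url)
        # Local policy assumption: the macro server is reached over TLS only.
        if parts.scheme != "https" or not parts.hostname:
            findings.append(f"@External{number}: not an https URL: {url}")
    return findings


if __name__ == "__main__":
    for finding in lint_external_macros(SAMPLE_TEXT, SAMPLE_URLS):
        print(finding)
```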