NetIQ Self Service Password Reset (SSPR) is a Web-based password management solution. It eliminates the users’ dependency on administrators to change their passwords. It reduces the workload of the helpdesk and in turn reduces the cost incurred by the company. Users can change their passwords and reset forgotten passwords based on the configured challenge-responses or one time passwords. SSPR also allows administrators to ensure that all passwords in the organization comply with the established policies. For detailed information about NetIQ Self Service Password Reset, visit the NetIQ Self Service Password Reset Documentation Web site.
SSPR 3.3 enhances the product capability and resolves several previous issues. Many of these improvements were made in direct response to suggestions from our customers. We thank you for your time and valuable inputs. We hope you continue to help us ensure our products meet all your needs.
SSPR 3.3 provides the following features, enhancements and fixes in this release:
Section 1.2, Integrating NetIQ Advanced Authentication Framework with Self Service Password Reset
Section 1.3, One Time Password Can be Used for the Forgotten Password Process
Section 1.4, Different Verification Methods for Forgotten Password Process
Section 1.5, The LDAP Group Search Filter Available for Searching Users From the Directory
Section 1.7, SSPR Allows Uploading the JDBC Driver File By Using the Web Interface
Section 1.8, SSPR Allows Testing the Database Connection and Availability of SMS Gateway
Section 1.9, SSPR Allows Challenge/ Response policies to be Set for Each Question
Section 1.10, SSPR Includes Configuration Template for Identity Manager
Section 1.12, The Peoplesearch Functionality Can be Used for SSPR Public Web Page
The theme for Self Service Password Reset is changed to enhance the usability of the product, and to comply with the NetIQ standards.
You can now configure NetIQ Advanced Authentication Framework (NAAF) settings so that NAAF users can use their configured authentication method during the forgotten password process. For more information about using NAAF authentication methods, see Integrating SSPR with NetIQ Advanced Authentication Framework in the NetIQ® Self Service Password Reset 3.3 Administration Guide.
The One Time Password configuration option is added for enabling and configuring one time passwords. If you enable and configure the one time password settings, users can set up their one time password details so that they can receive a one time password during the forgotten password process. For more information about the One Time Password settings, see Configuring One Time Password in the NetIQ® Self Service Password Reset 3.3 Administration Guide.
You can now specify the required verification method for forgotten password by using the Verification Method setting. For more information about this setting, see Configuring Forgotten Password Policy for a Profile.
The LDAP permission setting now includes a group filter in addition to the LDAP filter. The directory is searched according to the filter settings.
You can now configure multiple profiles for different user groups with the required settings for forgotten password, helpdesk, and new user registration. For more information about creating a policy for a specific profile, see Configuring LDAP and Policy Profiles.
You can now upload the JDBC driver file instead of copying the file. For more information about uploading the file, see Database Driver under Configuring Database Settings.
You can now test the database connection and the availability of the SMS gateway. A Test button is included in the database settings to test database connectivity, and in the SMS settings to test SMS gateway availability.
You can now specify the challenge/response policy for each question instead of setting it globally.
This release of SSPR includes a configuration template for Identity Manager (IDM). All the settings that are required for the configuration are displayed when you select the NetIQ IDM/OAuth Integration template.
SSPR 3.3 supports new audit records, such as HelpdeskAuditRecord. For more information about audit records, see the collector for SSPR documentation.
You can now allow all the users to use the Peoplesearch functionality on an SSPR public web page. To allow users to use a public URL to search for LDAP users, you must select the Enable PeopleSearch Public (Non-Authenticated) Access setting in the People Search option.
You can now allow users to view the organizational chart, which shows the user’s details, including the details of the user’s manager and the people who report to the user. The hierarchy level is displayed with the arrow symbol. For more information about people search, see Enabling People Search.
The following lists the issues resolved in this release:
Error in Password Expiration Message while Using Japanese Locale
Progress Bar on an iPhone Is Not Resized after Password Reset
Security Answer Is Incomplete if it Includes a Special Character
SSPR Does Not Read Windows Server 2003 Complexity Rule Automatically
New User Creation Fails when the Optional Attribute Value Is Not Provided
Issue: The password expiration message includes the Day text twice. [Bug 875992]
Fix: The issue is resolved now as the password expiration message is displayed correctly.
Issue: When you reset a password by using an iPhone, the progress bar is not resized as per the screen layout. [Bug 888533]
Fix: The issue is resolved now as the progress bar is resized on the iPhone.
Issue: When you include a special character (“) in the secret answer field and click Check Answers, the response is incorrect and the text before the special character is displayed in the secret answer field. [Bug 889669]
Fix: The issue is resolved now as the secret answer field does not retain any text when the secret answer is wrong.
Issue: SSPR is susceptible to CRLF header injection attacks. The SSPR server sends a client response to the client via the response header. [Bug 902467]
Fix: The issue is resolved now as SSPR is no longer susceptible to the CRLF header injection attack.
Issue: In the Configuration Editor, an attacker can read local files by injecting external XML files. [Bug 902735]
Fix: The issue is resolved now as the Configuration Editor is no longer susceptible to XML External Entity (XXE) attacks.
Issue: When you enter a space in the Password field, the authentication fails. [Bug 911037]
Fix: The issue is resolved now as the password field accepts a space.
Issue: When trying to answer challenge questions, the iPad users are unable to view the challenge questions list. [Bug 915886]
Fix: The issue is resolved now as an iPad user can view the challenge questions list.
Issue: In SSPR, the Windows Server 2003 Complexity rule is not read automatically even after it is configured in the eDirectory. [Bug 924780]
Fix: The issue is resolved now as the Windows Server 2003 Complexity rule is read automatically.
Issue: When you try to create a new user without providing the optional attribute value, the registration fails. [Bug 929341]
Fix: The issue is resolved now as the new user account is created successfully even when there is no optional attribute value provided.
Issue: When you configure an alternate email address in the To field of the Forgotten Password Verification Email section, the configured email address does not receive the password reset link. [Bug 930640]
Fix: The issue is resolved now as the configured email address receives the password reset link.
For detailed information about hardware and software requirements, see Installation Requirements in the NetIQ® Self Service Password Reset 3.3 Administration Guide.
SSPR is available for download in the following two formats:
(Recommended for new installation) SSPR.msi: An executable file that contains SSPR Web archive and tools.
SSPR_3.3.ZIP: A compressed zip file that contains SSPR Web archive and tools.
For more information about how to install SSPR, see Installing SSPR in the NetIQ® Self Service Password Reset 3.3 Administration Guide.
For information about how to upgrade SSPR, see Upgrading SSPR in the NetIQ® Self Service Password Reset 3.3 Administration Guide.
NetIQ Corporation strives to ensure our products provide quality solutions for your enterprise software needs. The following issues are currently being researched. If you need further assistance with any issue, please contact Technical Support.
Issue: If you have defined the minimum password age for a user in an Active Directory or an Oracle Directory group policy, new user registration fails.
Workaround: To work around this issue, the SSPRConfiguration file must include the following properties tag:
<properties type="app"> <property key="newUser.ldap.useTempPassword">false</property></properties>
The SSPRConfiguration file is available in the WEB-INF folder. By default, the location of the SSPRConfiguration file is C:\Program Files (x86)\NetIQ Self Service Password Reset\apache-tomcat-7.0.50\webapps\sspr\WEB-INF.
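A way to confirm that the workaround is present in a copy of the SSPRConfiguration file, shown as an added example that is not NetIQ code. It refuses any DOCTYPE before parsing, which closes the entity-declaration surface behind the XXE class of issue listed under Bug 902735. The `<configuration>` root element and the sample documents are constructed placeholders; only the properties tag and key come from the workaround above.

```python
import xml.etree.ElementTree as ET
from xml.parsers import expat

WORKAROUND_KEY = "newUser.ldap.useTempPassword"  # key from the workaround above


class DoctypeRejected(ValueError):
    """Raised when the configuration carries a DOCTYPE declaration."""


def reject_doctype(data: bytes) -> None:
    # A configuration file never needs a DTD; refusing DOCTYPE outright removes
    # the entity declarations that XXE-class issues depend on.
    def on_doctype(name, sysid, pubid, has_internal_subset):
        raise DoctypeRejected(f"DOCTYPE {name!r} is not allowed")

    parser = expat.ParserCreate()
    parser.StartDoctypeDeclHandler = on_doctype
    parser.Parse(data, True)


def app_property(config_xml: bytes, key: str):
    """Return the text of <property key=...> under <properties type="app">."""
    reject_doctype(config_xml)
    root = ET.fromstring(config_xml)
    for props in root.iter("properties"):
        if props.get("type") != "app":
            continue
        for prop in props.findall("property"):
            if prop.get("key") == key:
                return (prop.text or "").strip()
    return None


def workaround_applied(config_xml: bytes) -> bool:
    return app_property(config_xml, WORKAROUND_KEY) == "false"


# Constructed samples; the <configuration> root element is a placeholder.
PATCHED = (b'<configuration><properties type="app">'
           b'<property key="newUser.ldap.useTempPassword">false</property>'
           b'</properties></configuration>')
UNPATCHED = b'<configuration><properties type="app"/></configuration>'
WITH_DOCTYPE = b'<!DOCTYPE configuration [<!ENTITY e "x">]>' + UNPATCHED

if __name__ == "__main__":
    for label, sample in (("patched", PATCHED), ("unpatched", UNPATCHED)):
        print(label, workaround_applied(sample))
```

To check a real installation, read the file's bytes from the WEB-INF folder and pass them to `workaround_applied`.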
Issue: When you select User cannot change password in the Active Directory settings page, the user is restricted from changing the password. However, when the user attempts to change the password by using the Forgotten password link, SSPR allows the user to change the password instead of restricting the user.
Workaround: When you restrict a user from changing the password, you must ensure that you disable the Use Proxy When Password Forgotten setting in the Active Directory template by using the Configuration Editor.
Issue: When using a secured (https) connection to launch the SSPR web console, Internet Explorer 11 does not display the SSPR page.
Workaround: The Administrator must update the Operating System with the latest patch before connecting to the secured SSPR web console.
NOTE: For Windows 2008 server, SSPR is supported only on the Chrome and Firefox browsers.
Issue: When a user starts the password change process by clicking Forgotten password, a random password is generated. If the user cancels the process without completing it, the user cannot use the old password. This happens because the random password is generated as soon as the user clicks Forgotten password.
Workaround: Perform the following for different directories:
For Active Directory, you can enable the Use Proxy When Password Forgotten setting from the Configuration Editor.
For eDirectory, you must enable the Allow admin to retrieve passwords option from the eDirectory settings page.
For Oracle Directory Server, the user needs to complete the forgotten password process and then use the new password to log in.
Our goal is to provide documentation that meets your needs. If you have suggestions for improvements, please email Documentation-Feedback@netiq.com. We value your input and look forward to hearing from you.
For detailed contact information, see the Support Contact Information Web site.
For general corporate and product information, see the NetIQ Corporate Web site.
THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT ARE FURNISHED UNDER AND ARE SUBJECT TO THE TERMS OF A LICENSE AGREEMENT OR A NON-DISCLOSURE AGREEMENT. EXCEPT AS EXPRESSLY SET FORTH IN SUCH LICENSE AGREEMENT OR NON-DISCLOSURE AGREEMENT, NETIQ CORPORATION PROVIDES THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. SOME STATES DO NOT ALLOW DISCLAIMERS OF EXPRESS OR IMPLIED WARRANTIES IN CERTAIN TRANSACTIONS; THEREFORE, THIS STATEMENT MAY NOT APPLY TO YOU.
For purposes of clarity, any module, adapter or other similar material ("Module") is licensed under the terms and conditions of the End User License Agreement for the applicable version of the NetIQ product or software to which it relates or interoperates with, and by accessing, copying or using a Module you agree to be bound by such terms. If you do not agree to the terms of the End User License Agreement you are not authorized to use, access or copy a Module and you must destroy all copies of the Module and contact NetIQ for further instructions.
This document and the software described in this document may not be lent, sold, or given away without the prior written permission of NetIQ Corporation, except as otherwise permitted by law. Except as expressly set forth in such license agreement or non-disclosure agreement, no part of this document or the software described in this document may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, or otherwise, without the prior written consent of NetIQ Corporation. Some companies, names, and data in this document are used for illustration purposes and may not represent real companies, individuals, or data.
This document could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein. These changes may be incorporated in new editions of this document. NetIQ Corporation may make improvements in or changes to the software described in this document at any time.
U.S. Government Restricted Rights: If the software and documentation are being acquired by or on behalf of the U.S. Government or by a U.S. Government prime contractor or subcontractor (at any tier), in accordance with 48 C.F.R. 227.7202-4 (for Department of Defense (DOD) acquisitions) and 48 C.F.R. 2.101 and 12.212 (for non-DOD acquisitions), the government’s rights in the software and documentation, including its rights to use, modify, reproduce, release, perform, display or disclose the software or documentation, will be subject in all respects to the commercial license rights and restrictions provided in the license agreement.
© 2014 NetIQ Corporation. All Rights Reserved.
For information about NetIQ trademarks, see https://www.netiq.com/company/legal/.