This section discusses various settings that enable integrating Self Service Password Reset with external web authentication methods. You can integrate Self Service Password Reset with Access Manager. These settings are intended for the developers and the component integrators to integrate Self Service Password Reset with other external source and keep the session more secure for the users.
If you want to configure the web services for an external application, perform the following:
Log in to Self Service Password Reset at https://dns-name/sspr as an administrator.
In the toolbar, click your name.
Click Configuration Editor.
Click Settings > Web Services > REST Clients.
Configure the following settings:
Specify a valid URL for the RESTful client API to allow flexibility in reading and in displaying the destination token addresses to the user.
Specify the URLs for the RESTful client API to allow additional password rules validation for an application.
Specify the URLs for the RESTful client API to provide additional macro functions.
The format of this setting must be @Externalnumber:value where, number can be any number representing the order of the URL and value is the URL. For example, @External1:value@ corresponds to the first URL, @External2:value@ corresponds to the second URL and so on.
Specify the URL for the RESTful client API to allow a remote service to provide challenge-response-validation during forgotten password.
This setting is applicable when the setting, verification method is set for Remote Responses. You can navigate to the setting from Forgotten Password > Forgotten Password Profiles > [profile name] > Verification Methods.
In the toolbar, click Save changes.
To configure Self Service Password Reset web services, perform the following steps:
Log in to Self Service Password Reset at https://dns-name/sspr as an administrator.
In the toolbar, click your name.
Click Configuration Editor.
Click Settings > Web Services > Rest Services.
Configure the following settings:
Select this option to allow public use of web services. The form nonce is not required to invoke the web services after enabling this feature.
When this option is disabled, the form nonce is required to invoke all web services. The form nonce is difficult to retrieve programmatically.
Select this option to allow web services to read stored challenge-response answers of users. The read responses are available in the hashing method format that is being used.
Select this option to allow public use of the Health and Statistics web services. These services require authentication to retrieve the data.
This option allows the use of web services without authenticating the user. This setting is required for the public (non-authenticated) page at /public/health.jsp to be functional.
Specify the LDAP query for the users who are allowed to execute the REST web services. You can also query for the users in a specific LDAP group.
The query for user search can be added by using Add Filter, or Add Group options.
NOTE:If you want specific users to use the Self Service Password Reset REST services then you must specify the LDAP query for those users. But if you are using the NetIQ Identity Manager/ OAuth Integration template, all the users are allowed to execute the REST web services.
Specify the query for users who are permitted to execute REST web services and are allowed to specify a third party by using the user name parameter.
If you need the external web service client to provide a password when requesting for Self Service Password Reset web services, specify the password by using Store Value.
In the toolbar, click Save changes.