11.3 Integrating a Standalone Self Service Password Reset with Identity Manager

If you have installed Self Service Password Reset as a standalone product and want to use its password management functionality for identity applications, you can provide the values for the required settings by using the Self Service Password Reset Configuration Editor page and configuring the template for Identity Manager.

Complete the following sections to use Self Service Password Reset as the password management tool for Identity Manager:

NOTE: Ensure that you have selected Password Management Provider as Self Service Password Reset in the Roles Based Provisioning Module Configuration utility of Identity Manager. For more information about configuring settings in the Roles Based Provisioning Module Configuration utility, see Configuring the Settings for the Identity Applications in the NetIQ Identity Manager Setup Guide.

11.3.1 Configure OAuth Settings for Self Service Password Reset

This section discusses the settings that enable Self Service Password Reset to integrate with the OAuth Identity Server for single sign-on. The Identity Manager Roles Based Provisioning Module configuration utility includes OAuth settings under Self Service Password Reset in the SSO clients tab. The OAuth settings that are defined in the Roles Based Provisioning Module configuration utility must be included in the Self Service Password Reset OAuth settings. For more information about configuring or viewing the settings in the Roles Based Provisioning Module configuration utility, see Configuring Identity Manager to Use Self Service Password Reset in the NetIQ Identity Manager Setup Guide.

To configure the Identity Manager OAuth settings in Self Service Password Reset:

  1. Log in to Self Service Password Reset at https://dns-name/sspr as an administrator.

  2. In the toolbar, click your name.

  3. Click Configuration Editor.

  4. Configure Self Service Password Reset to communicate to Identity Manager.

    1. Click Default Settings > LDAP Vendor Default Settings.

    2. Select NetIQ IDM / OAuth Integration.

  5. Click Settings > Single Sign On (SSO) Client > OAuth.

  6. Configure the following settings:

    OAuth Login URL

    Specify the URL for OAuth server login. This is the URL to redirect the user for authentication. For example:

    https://IP address of the Identity Manager server:8543/osp/a/idm/auth/oauth2/grant

    OAuth Code Resolve Service URL

    Specify the URL for OAuth Code Resolve Service. This web service URL is used for resolving the artifact that the OAuth identity server returns. For example:

    https://IP address of the Identity Manager server:8543/osp/a/idm/auth/oauth2/authcoderesolve

    OAuth Profile Service URL

    Specify the URL for the web service that the Identity Server provides that returns attribute data about the user. For example:

    https://IP address of the Identity Manager server:8543/osp/a/idm/auth/oauth2/getattributes

    OAUTH Web Service Server Certificate

    Import the certificate from the Identity Manager server for the OAuth web service server.

    OAuth Client ID

    Specify SSPR as the client ID of the OAuth client. This value is provided by the OAuth identity service provider.

    OAuth Shared Secret

    Specify the OAuth shared secret. This value is provided by the OAuth identity service provider.

    OAuth User Name/DN Login Attribute

    Specify the attribute to request from the OAuth server that is used as the user name for local authentication. This value is then resolved as the same password the user had typed at the local authentication page. For example, cn would be the attribute that contains the OAuth User Name or the DN Login Attribute.

  7. In the toolbar, click Save changes.
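
A check you can run on the planned values before typing them into the Configuration Editor in step 6. This is an added example, not part of the NetIQ documentation. The dictionary keys, the function name check_oauth_settings and the host idm.example.com are assumptions made for the example; the endpoint paths, port and the SSPR client ID are the ones shown in this section.

```python
from urllib.parse import urlsplit

# Path of each endpoint, taken from the example URLs in this section.
EXPECTED_PATHS = {
    "login_url": "/osp/a/idm/auth/oauth2/grant",
    "code_resolve_url": "/osp/a/idm/auth/oauth2/authcoderesolve",
    "profile_url": "/osp/a/idm/auth/oauth2/getattributes",
}

# Constructed sample values; idm.example.com is a placeholder host.
SAMPLE = {
    "login_url": "https://idm.example.com:8543/osp/a/idm/auth/oauth2/grant",
    "code_resolve_url": "https://idm.example.com:8543/osp/a/idm/auth/oauth2/authcoderesolve",
    "profile_url": "https://idm.example.com:8543/osp/a/idm/auth/oauth2/getattributes",
    "client_id": "SSPR",
    "shared_secret": "constructed-placeholder-secret",
}

def check_oauth_settings(settings):
    """Return a list of problems in the planned values; empty means none found."""
    problems, origins = [], set()
    for key, expected in EXPECTED_PATHS.items():
        raw = settings.get(key, "")
        if not raw or any(ch.isspace() for ch in raw):
            problems.append(f"{key}: empty or still contains placeholder text")
            continue
        try:
            url = urlsplit(raw)
            origin = (url.hostname, url.port)  # .port raises on a bad port
        except ValueError:
            problems.append(f"{key}: not a parseable URL")
            continue
        if url.scheme != "https":
            problems.append(f"{key}: scheme is {url.scheme!r}, expected https")
        if not url.hostname:
            problems.append(f"{key}: no host in URL")
        if url.path.rstrip("/") != expected:
            problems.append(f"{key}: path is {url.path!r}, expected {expected!r}")
        origins.add(origin)
    if len(origins) > 1:  # the three example URLs all name one server and port
        problems.append(f"URLs name different servers: {sorted(origins, key=str)}")
    if settings.get("client_id") != "SSPR":
        problems.append("client_id: this section specifies SSPR")
    if not settings.get("shared_secret"):
        problems.append("shared_secret: empty")
    return problems

if __name__ == "__main__":
    print(check_oauth_settings(SAMPLE) or "no problems found")
```

The placeholder check catches an example URL pasted without replacing "IP address of the Identity Manager server", and the scheme check catches an http URL that would send the shared secret and authorization code in clear text.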

11.3.2 Set the Self Service Password Reset Theme to Match the Identity Manager Theme

Self Service Password Reset includes an option to use the Identity Manager theme for its password management page. You set the theme in the Self Service Password Reset Configuration Editor page.

To configure the Self Service Password Reset user interface to match Identity Manager:

  1. Log in to Self Service Password Reset at https://dns-name/sspr as an administrator.

  2. In the toolbar, click your name.

  3. Click Configuration Editor.

  4. Click Settings > User Interface > Look & Feel.

  5. Select IDM (Identity Manager) from the list of themes in the Interface Theme setting.

  6. In the toolbar, click Save changes.

11.3.3 Configure Syslog Audit Server

Self Service Password Reset provides logging and auditing functionality to send event alerts. To configure the Self Service Password Reset audit server with the Identity Manager server, configure the Syslog Audit Servers setting in the Configuration Editor page under Settings > Auditing > Audit Forwarding > Syslog Audit Server.

When this value is set, all the audit events are sent to the specified syslog server. For more information about configuring the audit server, see Auditing for Self Service Password Reset.