8.7 Configuring Self Service Password Reset for Single Sign-On Clients

Self Service Password Reset can integrate with different systems to provide a single sign-on (SSO) experience for your users. Self Service Password Reset supports basic authentication (basic auth), HTTP SSO, and OAuth.

8.7.1 Configuring Basic Authentication for Single Sign-On

Self Service Password Reset allows you to use HTTP basic authentication for a single sign-on experience for your users. By default, Self Service Password Reset uses basic authentication.

To configure basic authentication:

  1. Log in to Self Service Password Reset at https://dns-name/sspr as an administrator.

  2. In the toolbar, click your name.

  3. Click Configuration Editor.

  4. Click Settings > Single Sign On (SSO) Client > Basic Authentication.

  5. Configure the following settings:

    Enable Basic Authentication

    Enable this option to enable basic authentication for Self Service Password Reset. By default, this option is enabled.

    Force Basic Authentication

    Enable this option to force basic authentication. If this option is disabled, the system presents the form page to unauthenticated users; however, if a basic auth header is present, the system always uses it.

  6. In the toolbar, click Save changes.

8.7.2 Configure HTTP for Single Sign-On

Self Service Password Reset allows you to create a single sign-on experience using an HTTP header. Self Service Password Reset uses the HTTP header to automatically log users into an application with a user name only.

To configure the HTTP header for single sign-on:

  1. Log in to Self Service Password Reset at https://dns-name/sspr as an administrator.

  2. In the toolbar, click your name.

  3. Click Configuration Editor.

  4. Click Settings > Single Sign On (SSO) Client > HTTP SSO.

  5. Configure the following setting:

    SSO Authentication Header Name

    Specify the name of the HTTP header that lets an upstream server log users in to Self Service Password Reset automatically with only a user name; a password is not required. When this header is used, Self Service Password Reset prompts users for their passwords to access certain functionality.

  6. In the toolbar, click Save changes.
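
Because the header alone identifies the user, the upstream server must be the only source of it. The following Python sketch is an added example, not part of the product or its documentation. It models the header handling an upstream proxy applies before forwarding a request to Self Service Password Reset. The header name X-SSO-User and the function names are assumptions.

```python
# Added example: header handling an upstream proxy applies before forwarding
# a request to Self Service Password Reset when HTTP SSO is enabled.
# SSO_HEADER is a hypothetical name; use the value configured in
# "SSO Authentication Header Name".
SSO_HEADER = "X-SSO-User"


def _canon(name):
    """Normalize a header name: case-insensitive, '_' treated as '-'.

    Some servers and gateways map '_' and '-' to the same variable, so
    both spellings are treated as the same header.
    """
    return name.strip().lower().replace("_", "-")


def forward_headers(inbound, authenticated_user, sso_header=SSO_HEADER):
    """Return the header list to send to the application.

    inbound: list of (name, value) pairs as received from the client.
    authenticated_user: user name the proxy itself verified, or None.
    """
    target = _canon(sso_header)
    # Drop every client-supplied copy of the SSO header, in any spelling.
    out = [(n, v) for n, v in inbound if _canon(n) != target]
    if authenticated_user is not None:
        # Refuse empty values and characters that could split a header line.
        if not authenticated_user or any(c in authenticated_user for c in "\r\n\0"):
            raise ValueError("invalid user name for SSO header")
        # Only the identity verified by the proxy reaches the application.
        out.append((sso_header, authenticated_user))
    return out


# Constructed sample request in which the client sent its own copies of the header.
SAMPLE_INBOUND = [
    ("Host", "dns-name"),
    ("x-sso-user", "admin"),
    ("X_SSO_USER", "admin"),
    ("Accept", "text/html"),
]
```

The same rule applies at the network level: requests should reach Self Service Password Reset only through the upstream server that sets the header.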

8.7.3 Configuring OAuth Single Sign-On

Self Service Password Reset allows you to create a single sign-on experience for your users using OAuth. You must have a basic understanding of OAuth because the configuration requires OAuth-specific information that you obtain from the application. For more information, see https://oauth.net/2/.

Use the following information to create an OAuth single sign-on experience for your users. You must gather information from the OAuth Identity Server of your application.

To configure OAuth SSO:

  1. Log in to Self Service Password Reset at https://dns-name/sspr as an administrator.

  2. In the toolbar, click your name.

  3. Click Configuration Editor.

  4. Click Settings > Single Sign On (SSO) Client > OAuth.

  5. Configure the following settings:

    OAuth Login URL

    Specify the URL for OAuth server login. This is the URL to redirect the users to for authentication.

    OAuth Code Resolve Service URL

    Specify the URL for OAuth Code Resolve Service. Self Service Password Reset uses this web service URL for resolving the artifact that the OAuth identity server returns.

    OAuth Profile Service URL

    Specify the URL for the web service that the Identity Server provides to return attribute data about the user.

    OAUTH Web Service Server Certificate

    Import a certificate for the OAuth web service server.

    OAuth Client ID

    Specify the client ID of the OAuth client. The OAuth Identity Service provider gives you this identity.

    OAuth Shared Secret

    Specify a password for the OAuth shared secret. The OAuth Identity Service provider gives you this value.

    OAuth User Name/DN Login Attribute

    Specify the attribute that you want the OAuth server to identify as the user name for local authentication. Self Service Password Reset then resolves this value as the same password that the users type at the local authentication page.

  6. In the toolbar, click Save changes.