10.3 Configuring Self Service Password Reset for Advanced Authentication

To integrate Self Service Password Reset, you must enable the Forgotten Password module and create an identification method of OAuth2 for Forgotten Password. OAuth 2 is an authentication framework that Self Service Password Reset uses to create a secure connection to Advanced Authentication for your users. You also create an OAuth2 event in Advanced Authentication.

Ensure that you have created an Event type in Advanced Authentication before configuring Self Service Password Reset. You must obtain information from the Event type configuration to complete the Self Service Password Reset configuration. For more information, see Configuring Advanced Authentication to Integrate with Self Service Password Reset.

To configure the Forgotten Password module with an OAuth 2 verification method to Advanced Authentication:

  1. Log in to Self Service Password Reset at https://dns-name/sspr as an administrator.

  2. In the toolbar, click your name.

  3. Click Configuration Editor.

  4. Configure a Forgotten Password profile for the group of users that will use Advanced Authentication to access Self Service Password Reset, with the following specific configuration:

    1. Click Modules > Public > Forgotten Password > Profile > default > Definition Verification Method.

      Define the default profile for your users or create a new profile.

    2. Set OAuth2 to Optional and Challenge/Response Answers to Optional.

    3. (Optional) After the validation of OAuth2, you can set this option to Mandatory instead.

    4. Change Minimum Optional Required to a value of 1 to display the menu to users for selection of either Challenge/Response or an external Advanced Authentication server.

    5. Use the help and the documentation to finish configuring the profile definition for your users. For more information, see Configuring the Forgotten Password Profile.

  5. Click Modules > Public > Forgotten Password > Profile > default > OAuth.

    1. In the OAuth Client ID field, click Add, then copy the Client ID from Advanced Authentication.

    2. In the OAuth Shared Secret field, click Store Value, then copy the Client secret from Advanced Authentication.

    3. In the OAuth User Name/DN Login Attribute field, click Add Value, then add the Advanced Authentication attribute that represents the user name. For Advanced Authentication, the attribute is user_name.

    4. In the OAuth Inject User Name Value field, click Add Value, then add your Advanced Authentication repository name with a macro appended containing the user name. The Advanced Authentication repository is the LDAP directory that contains your users. For example:

      AdvanceAuthDirectory\@LDAP:name@

    5. Use the help and the documentation to finish configuring the profile OAuth options. For more information, see Configuring the OAuth2 Verification Method for the Forgotten Password Module.

  6. Ensure that you have defined the Forgotten Password Settings for this module. For more information, see Configuring the Forgotten Password Settings.

  7. In the toolbar, click Save changes.