3.17 Configuring Extensions

This section discusses the settings that enable integrating SSPR with external Web authentication methods. You can integrate SSPR with NetIQ Access Manager. These settings are intended for developers and component integrators who integrate SSPR with other external sources and want to keep the session more secure for users.

To configure integration of external authentication, perform the following steps:

  1. In Configuration Editor, click Settings > Integration/Developer.

  2. Click View > Always Show Advanced Settings to see and configure the advanced settings.

  3. Configure the following settings:

    Field

    Description

    External Judge Method

    Specify the Java classes that SSPR calls to determine the strength of a given password.

    External judge methods must implement the interface password.pwm.ExternalJudgeMethod. During password checks, all listed classes are invoked. If multiple results are returned, the lowest returned value is used.

    HTTP Proxy

    Specify the URL of the HTTP proxy server. If no value is provided, a proxy server is not used.

    For an HTTP proxy server, use the http://servername:3128 format.

    For an authenticated proxy server, use the http://username:password@servername:3128 format.

    Enable External Web Services

    Select this check box to allow public use of Web services. The form nonce is not required to invoke the Web services after enabling this feature.

    When this option is disabled, the form nonce is required to invoke all Web services. The form nonce is difficult to retrieve programmatically.

    Allow Web Services Read Answers

    Select this check box to allow Web services to read stored challenge/response answers of users. The read responses are available in the hashing method format that is being used.

    Enable Public Health and Statistics Web Services

    Select this check box to allow public use of the Health and Statistics web services. These services require authentication to retrieve the data.

    This option allows the use of web services without authenticating the user. This setting is required for the public (non-authenticated) page at /public/health.jsp to be functional.

    Web Services Third Party Query String

    Specify the users that are permitted to execute REST web services and can specify a third party by using the 'username' parameter.

    External Web Auth Methods

    Specify the external Web authentication methods.

    Enable URL Shortening Service Class (Advanced)

    Specify the Java class name that implements a short URL service.

    You must include the corresponding JAR or ZIP file in the classpath, typically in the WEB-INF/lib directory or the application server's lib directory.

    Regular Expression for Matching URLs (Advanced)

    Specify a regular expression to match URLs that are shortened by the URL shortening service class.

    Configuration Parameters for URL Shortening Service (Advanced)

    Specify the name/value settings that are used in configuring the selected URL shortening service, such as API key, username, password, and domain name.

    This setting must have the “name=value” format, where name is the key value of a valid service setting.

    External Token Destination Server URLs (Advanced)

    Specify a valid URL for the RESTful client API to allow flexibility in reading and in displaying the destination token addresses to the user.

    External Macro REST Server URLs (Advanced)

    Specify the URLs for the RESTful client API to provide additional macro functions.

    The format of this setting must be @External<number>:<value>, where number can be any number representing the order of the URL and value is the URL. For example, @External1:value@ corresponds to the first URL, @External2:value@ corresponds to the second URL, and so on.

    External Password Check REST Server URLs (Advanced)

    Specify the URLs for the RESTful client API to allow additional password rule validation for an application.

    Web Service User Attributes (Advanced)

    Specify the user attributes that are used in various web services and are presented as part of the user's data set.

    External Change Method

    Specify Java classes that SSPR calls after a successful password change.

    These classes may take actions such as updating passwords in other systems or updating eDirectory. External password classes must implement the interface password.pwm.ExternalChangeMethod. Leave this field blank if you have not added custom Java code.

    External Rule Method

    Specify the Java classes that SSPR calls to determine any rule violations in a given password.

    External rule methods must implement the interface password.pwm.ExternalRuleMethod. Leave this field blank if you have not added custom Java code.

    CAS ClearPass URL

    Specify the ClearPass URL for Central Authentication Service (CAS) authentication integration.

    Also edit the WEB-INF/web.xml file to enable the CAS integration. Uncomment the section for the CAS servlet filters, and modify the CAS servlet parameters as appropriate for your configuration.

    Configuration Parameters for Shortening Service

    Specify the name and value settings used to configure the selected URL shortening service, for example an API key, username, password, or domain name. The settings must be in the name=value format, where name is the key value of a service setting.

  4. Click Actions > Save.
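
The authenticated form of the HTTP Proxy setting above carries the proxy password inside the URL, so a password containing `@`, `:` or `/` has to be percent-encoded and the value should be redacted before it is logged or shared. The following is an added example, not code from SSPR or its documentation; the function names, host name and account values are constructed for illustration.

```python
from urllib.parse import quote, urlsplit

def build_proxy_url(host, port, username=None, password=None):
    """Assemble the setting value, percent-encoding credentials so that
    '@', ':' or '/' in a password cannot shift the host boundary."""
    if username is None:
        return f"http://{host}:{port}"
    user = quote(username, safe="")
    secret = quote(password or "", safe="")
    return f"http://{user}:{secret}@{host}:{port}"

def check_proxy_url(value):
    """Return (redacted_value, findings) for an HTTP Proxy setting value."""
    if not value:
        return "", ["empty value: no proxy server is used"]
    findings = []
    parts = urlsplit(value)
    if parts.scheme != "http":
        findings.append(f"scheme {parts.scheme!r} is not 'http'")
    if not parts.hostname:
        findings.append("server name is missing")
    try:
        port = parts.port
        if port is None:
            findings.append("port is missing")
    except ValueError:
        # Raised for a non-numeric or out-of-range port, which is also what
        # an unencoded '/' inside the credentials produces.
        port = None
        findings.append("port is not a valid number")
    userinfo, at, _ = parts.netloc.rpartition("@")
    redacted = value
    if at:
        findings.append("embedded credentials: redact before logging or sharing")
        if "@" in userinfo or userinfo.count(":") > 1:
            findings.append("unencoded '@' or ':' in credentials")
        port_part = f":{port}" if port is not None else ""
        redacted = f"{parts.scheme}://{parts.username}:***@{parts.hostname}{port_part}"
    return redacted, findings

if __name__ == "__main__":
    # Constructed sample values (hypothetical host and service account).
    good = build_proxy_url("proxy.example.test", 3128, "svc", "p@ss:w/rd")
    for sample in (good, "http://svc:p@ss@proxy.example.test:3128", ""):
        print(check_proxy_url(sample))
```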