7.1 Configuring SSPR Settings for Identity Manager

If you are using SSPR as a standalone product, you must perform the following steps to use SSPR as the password management tool for Identity Manager 4.5:

NOTE: Ensure that you have set Password Management Provider to Self Service Password Reset (SSPR) in the Roles Based Provisioning Module (RBPM) Configuration utility of Identity Manager 4.5. For more information about configuring settings in the RBPM Configuration utility, refer to Configuring the Settings for the Identity Applications in the NetIQ Identity Manager Setup Guide.

7.1.1 Configure OAuth Settings for SSPR

This section discusses the settings that enable SSPR to integrate with the OAuth Identity Server for single sign-on. The Identity Manager RBPM configuration utility includes OAuth settings under Self Service Password Reset in the SSO clients tab. The OAuth settings that are defined in the RBPM configuration utility must be included in the SSPR OAuth settings. For more information about configuring or viewing the settings in the RBPM configuration utility, refer to Configuring Identity Manager to Use Self Service Password Reset in the NetIQ Identity Manager Setup Guide.

To specify the Identity Manager 4.5 OAuth settings in SSPR, perform the following in the SSPR Configuration Editor page:

  1. In Configuration Editor, click Settings > OAuth SSO.

  2. Specify the following values for the respective fields:

    Field: OAuth Login URL
    Value: http://<IP address of the server>:8180/osp/a/idm/auth/oauth2/grant
    Description: Specify the URL for OAuth server login. This is the URL to redirect the user for authentication.

    Field: OAuth Code Resolve Service URL
    Value: http://<IP address of the server>:8180/osp/a/idm/auth/oauth2/authcoderesolve
    Description: Specify the URL for OAuth Code Resolve Service. This Web service URL is used for resolving the artifact that the OAuth identity server returns.

    Field: OAuth Profile Service URL
    Value: http://<IP address of the server>/osp/a/idm/auth/oauth2/getattributes
    Description: Specify the URL for the Web service that the Identity Server provides to return attribute data about the user.

    Field: OAuth Client ID
    Value: sspr
    Description: Specify SSPR as the client ID of the OAuth client. This value is provided by the OAuth Identity Service provider.

    Field: OAuth Username/DN Login Attribute
    Value: name
    Description: SSPR identifies this value as the username for local authentication. This value is then resolved as the same password the user had typed at the local authentication page.

  3. Click Actions > Save.
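Before saving, the values entered in step 2 can be checked for consistency. The following Python check is an added example, not NetIQ code: check_oauth_settings is a hypothetical helper, the sample values are constructed, and it assumes that one OSP instance serves all three endpoints. It reports paths that differ from the ones listed above, endpoints reached over plain http, and URLs that do not share the same scheme, host and port.

```python
from urllib.parse import urlsplit

# Endpoint paths as listed in step 2 of this section.
EXPECTED_PATHS = {
    "OAuth Login URL": "/osp/a/idm/auth/oauth2/grant",
    "OAuth Code Resolve Service URL": "/osp/a/idm/auth/oauth2/authcoderesolve",
    "OAuth Profile Service URL": "/osp/a/idm/auth/oauth2/getattributes",
}
EXPECTED_VALUES = {"OAuth Client ID": "sspr", "OAuth Username/DN Login Attribute": "name"}


def check_oauth_settings(settings):
    """Hypothetical helper: return a list of findings for the OAuth SSO values."""
    findings, origins = [], set()
    for field, path in EXPECTED_PATHS.items():
        try:
            url = urlsplit(settings.get(field, "").strip())
            port = url.port  # raises ValueError on a malformed port
        except ValueError:
            findings.append(f"{field}: malformed URL")
            continue
        if url.scheme not in ("http", "https") or not url.hostname:
            findings.append(f"{field}: missing or not an absolute http(s) URL")
            continue
        if url.path != path:
            findings.append(f"{field}: path {url.path!r} does not match {path!r}")
        if url.scheme == "http":
            findings.append(f"{field}: plain http, traffic to this endpoint is unencrypted")
        origins.add((url.scheme, url.hostname, port or (443 if url.scheme == "https" else 80)))
    if len(origins) > 1:  # assumption: one OSP instance serves all three endpoints
        shown = ", ".join(f"{s}://{h}:{p}" for s, h, p in sorted(origins))
        findings.append(f"endpoints do not share scheme/host/port: {shown}")
    for field, expected in EXPECTED_VALUES.items():
        if settings.get(field) != expected:
            findings.append(f"{field}: expected {expected!r}, got {settings.get(field)!r}")
    return findings


# Constructed sample (192.0.2.10 is a documentation address); profile URL entered without a port.
SAMPLE = {
    "OAuth Login URL": "http://192.0.2.10:8180/osp/a/idm/auth/oauth2/grant",
    "OAuth Code Resolve Service URL": "http://192.0.2.10:8180/osp/a/idm/auth/oauth2/authcoderesolve",
    "OAuth Profile Service URL": "http://192.0.2.10/osp/a/idm/auth/oauth2/getattributes",
    "OAuth Client ID": "sspr",
    "OAuth Username/DN Login Attribute": "name",
}

if __name__ == "__main__":
    print("\n".join(check_oauth_settings(SAMPLE)))
```

For the constructed sample, the check reports the three plain-http endpoints and the port mismatch between the profile URL and the other two.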

7.1.2 Set the SSPR Theme to Match the Identity Manager Theme

SSPR includes an option to use the Identity Manager theme for the SSPR password management page. To set the theme of the SSPR webpage to match the Identity Manager theme, perform the following steps in the SSPR Configuration Editor page:

  1. Click Settings > User Interface.

  2. Select IDM from the list of themes in the Interface Theme setting.

7.1.3 Configure Syslog Audit Server

SSPR provides logging and auditing functionality for sending event alerts. To configure the SSPR audit server with the IDM server, you must configure the Syslog Audit Servers setting in the Configuration Editor page. When this value is set, all the audit events are sent to the specified syslog server. For more information about configuring the audit server, refer to Section 3.13, Configuring Logging and Auditing.