The SSPR configuration file must include the details on all the Identity Manager settings. So, apart from the values that you set for SSPR settings, you must configure the following settings from the Configuration Editor page:
SSPR provides a template to set default settings for eDirectory. To set default LDAP settings for eDirectory, click Template and then select the NetIQ eDirectory template.
To configure the LDAP settings, perform the following steps:
In Configuration Editor, select Template > NetIQ eDirectory.
Click Settings > NetIQ eDirectory.
Specify the following values for the respective fields:
Field | Description |
---|---|
Enable NMAS Responses for Forgotten Password | Select this check box to use NMAS stored responses during forgotten password recovery. SSPR tries all other configured storage methods before evaluating. |
Click Actions > Save.
SSPR includes the IDM theme, which gives users the same look and feel as they get when working on an IDM interface.
To specify the IDM user interface, perform the following:
In Configuration Editor, click Settings > User Interface.
Click View > Always Show Advanced Settings to see and configure the advanced settings.
Specify the following values for the respective fields:
Field | Value | Description |
---|---|---|
Interface Theme | IDM | Select this theme from the SSPR interfaces list. |
Show Home Button | Deselect the Enabled check box | Deselecting this check box does not display the Home button. |
Click Actions > Save.
SSPR allows you to configure basic settings for the identity applications to control functionality and behavior of the system.
In Configuration Editor, click Settings > Application.
Specify the following values for the respective fields:
Field | Value | Description |
---|---|---|
Site URL | http://<ip address>:<port number>/sspr, where ip address is the IP address of the server where SSPR is installed and port number is 8180 by default. | This is the default URL to access SSPR. This URL is used in email and other user communications. |
Forward URL | http://<ipaddress>:<port number>/landing | After completing any activity that does not require a logout, users are forwarded to this URL. |
Logout URL | http://<ipaddress>:<port number>/osp/a/idm/auth/app/logout | This is the default URL to which SSPR redirects users after logout. |
Click Actions > Save.
These settings apply to all users and are not dependent on the password policy or any profile. For more information on profile-specific password policy, refer to Section 5.2, Configuring Password Policy for a Profile.
To configure the password setting, perform the following:
In Configuration Editor, click Settings > Password Settings.
Specify the following value for the respective field:
Field | Value | Description |
---|---|---|
Password Policy Source | Select LDAP from the drop-down list. | SSPR reads the LDAP password policies. |
Click Actions > Save.
These settings control the challenge/response feature. These settings are not dependent on the challenge policy.
To configure the challenge settings, perform the following steps:
In Configuration Editor, click Settings > Challenge Settings.
Specify the following values for the respective fields:
Field | Value | Description |
---|---|---|
Maximum Characters of Challenge Allowed in Response | 0 | This setting allows the response to use the same characters that are used in the challenge questions, so a user's response can be the same as the challenge. |
These settings control the security of the applications.
To configure the security settings, perform the following:
In Configuration Editor, click Settings > Security.
Specify the following values for the respective fields:
Field | Value | Description |
---|---|---|
Redirect Whitelist | http://<ipaddress>:<port number> | This value is the URL fragment that can be used for URL forwarding. |
Prevent HTML Framing (Advanced) | De-select Enabled | De-selecting this option allows users to view SSPR in an inline frame for any identity application that includes the iframe HTML source code. |
Click Actions > Save.
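A pre-save check for the values above, as an added example (not SSPR code): it verifies that the configured Forward URL and Logout URL fall under a Redirect Whitelist entry. It assumes entries are compared by scheme, host and port, since SSPR's own matching logic is not described on this page; the addresses and function names are constructed.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def _origin(url):
    """Return (scheme, host, port) for an absolute http(s) URL, else None."""
    try:
        parts = urlsplit(url.strip())
        port = parts.port              # raises ValueError on a malformed port
    except ValueError:
        return None
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        return None                    # relative URLs and other schemes
    if parts.username is not None or parts.password is not None:
        return None                    # user:pass@host forms are never accepted
    return (parts.scheme, parts.hostname.lower(),
            port or DEFAULT_PORTS[parts.scheme])

def is_allowed_redirect(target, whitelist):
    """True only if the target's origin equals the origin of a whitelist entry.

    Comparing parsed origins avoids the pitfall of a plain string-prefix
    test, which also accepts hosts that merely start with the entry text.
    """
    target_origin = _origin(target)
    if target_origin is None:
        return False
    return any(_origin(entry) == target_origin for entry in whitelist)

def audit_redirect_settings(settings, whitelist):
    """Return the names of configured URLs that no whitelist entry covers."""
    return [name for name, url in settings.items()
            if not is_allowed_redirect(url, whitelist)]

# Constructed sample values; 192.0.2.10 is a documentation-only address.
WHITELIST = ["http://192.0.2.10:8180"]
SETTINGS = {
    "Forward URL": "http://192.0.2.10:8180/landing",
    # Different port from the whitelist entry, so the audit reports it.
    "Logout URL": "http://192.0.2.10:8543/osp/a/idm/auth/app/logout",
}

if __name__ == "__main__":
    print(audit_redirect_settings(SETTINGS, WHITELIST))
```

Any setting the audit reports needs either a matching whitelist entry or a corrected URL before the configuration is saved.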
These settings are intended for developers and component integrators who integrate SSPR with other external sources.
To configure these settings, perform the following:
In Configuration Editor, click Settings > Integration/Developer.
Specify the following value for the respective field:
Field | Value | Description |
---|---|---|
Enable External Web Services | Select Enabled (True) | Selecting this check box allows public use of Web services. |
Click Actions > Save.
These settings control the SSPR interaction with the LDAP directory.
To configure the settings for LDAP directory profiles, perform the following:
In Configuration Editor, click Profiles > LDAP Directory Profiles.
Specify the following values for the respective fields:
Field | Value | Description |
---|---|---|
LDAP URLs | ldaps://<IP address of the LDAP server>:<LDAP port> | Specify the LDAP URLs. |
LDAP Proxy User | cn=admin,ou=sa,o=system | You can gain access to the LDAP directory through the LDAP proxy user. |
LDAP Contextless Login Roots | ou=sa,o=data | This is the top level LDAP container in which the eDirectory users exist. |
Click Actions > Save.
These settings control the configuration of password policy for a specific group of users by using the password policy profile.
In Configuration Editor, click Profiles > Password Policy Profiles.
Specify the following values for the respective fields:
Field | Value | Description |
---|---|---|
Enable Wordlist | De-select Enabled (True) | De-selecting this option specifies that SSPR is not required to verify the password from the wordlist. |
Disallowed Values | | This option specifies the list of case-insensitive values that you do not want to allow in the password. For IDM, you do not need to add any value for this option. |
Click Actions > Save.
The Forgotten Password feature allows users to recover a forgotten password without contacting helpdesk.
To configure settings for forgotten password, perform the following:
In Configuration Editor, click Modules > Forgotten Password.
Specify the following values for the respective fields:
Field | Value | Description |
---|---|---|
Forgotten Password User Search Form | Name: cn, Label: Username, and select text from the drop-down list. | These are form attributes and are required to authenticate the users. These details are confidential. |
Forgotten Password User Search Filter | (&(objectClass=person)(cn=%cn%)) | |
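How the %cn% placeholder in the search filter above is filled from the Username form field, as an added example (not SSPR's own substitution code): the submitted value is escaped per RFC 4515 before it is placed in the filter, so it is matched as a literal name. The function names and sample usernames are constructed for illustration.

```python
import re

# RFC 4515 section 3: these characters are written as \XX inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
_PLACEHOLDER = re.compile(r"%([A-Za-z][A-Za-z0-9-]*)%")

# Filter value from the table above.
SEARCH_FILTER = "(&(objectClass=person)(cn=%cn%))"

def escape_filter_value(value):
    """Escape one form value so the directory treats every character literally."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def expand_search_filter(template, form_values):
    """Replace each %name% with the escaped form value.

    Raises ValueError when a field is missing or blank, so that an empty
    Username can never turn into a filter that matches unintended entries.
    """
    def substitute(match):
        name = match.group(1)
        value = form_values.get(name, "")
        if not value.strip():
            raise ValueError(f"no value supplied for form field {name!r}")
        return escape_filter_value(value)
    return _PLACEHOLDER.sub(substitute, template)

def same_shape(template, expanded):
    """The expansion must not add or remove filter components:
    the counts of '(' and ')' stay equal to those in the template."""
    return all(template.count(c) == expanded.count(c) for c in "()")

if __name__ == "__main__":
    # Constructed sample usernames.
    for username in ("jdoe", "smith (temp)", "j*"):
        expanded = expand_search_filter(SEARCH_FILTER, {"cn": username})
        print(username, "->", expanded, same_shape(SEARCH_FILTER, expanded))
```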