Hi,
We don't want to use authentication using username/password any more.
We developed our own Custom Authentication scheme for Userid / OTP (where userid can also be the emailaddres)
This authentication scheme should be the only way to logon to the different web applications.
Some web applications use the old fashioned username/password authentication, eg. logon to Identity Manager.
All web applications should use the user id /OTP format.
This mean that we should change Identity Manager forms also, when a user is created or modified a password
no longer is required.
Also the Identity Manager superuser will have a user id/OTP for managing the users/organizations/roles/screens etc.
The reset password no longer exists.
In Siteminder we have the password policy, which we don't need any longer. users don't have to change the passwords any more.
Also the user has a special attribute for de password data-blob, not needed any more (configured in the directory definition)
So, what steps are needed when a password is no longer required for a user.
Regards,
Edwin Scheffer