Products
Applications
Support
Company
How To Buy
Skip to main content (Press Enter).
Sign in
Skip auxiliary navigation (Press Enter).
Register
Skip main navigation (Press Enter).
Toggle navigation
Search Options
Home
Communities
All Communities
Enterprise Software
Mainframe Software
Symantec Enterprise
Blogs
All Blogs
Enterprise Software
Mainframe Software
Symantec Enterprise
Events
All Events
Enterprise Software
Mainframe Software
Symantec Enterprise
VMware
Water Cooler
Groups
Enterprise Software
Mainframe Software
Symantec Enterprise
Members
Symantec Access Management
Private Community
View Only
Community Home
Threads
Library
Events
Members
Back to Library
Tech Tip - CA Single Sign-On: Basic Forgotten Password Services Configurations for IIS
0
Recommend
May 31, 2015 07:22 PM
wonsa03
CA Single Sign-On Tech Tip by Sau Lai Wong, Senior Support Engineer for 31st May 2015
Basic Forgotten Password Services Configurations for IIS:
1.
Extend User Directory schema to include APS attributes (<siteminder>\APS_Docs directory):
Run the APSExpire utility [APSExpire JOBONE –v –A] against the user directory after schema is updated. APSExpire will update all of the users in your directory, initializing the smapsBaseDate and smapsNextAction attributes
Ensure that every new user is created with the objectclass that allows access to the new attributes
2.
Create FPS virtual directory
IIS – enable CGI-exe module from Handler Mappings, add and allow Forgot.exe (<webagent>\win32\bin\Web\FPS\Forgot.exe) to the ISAPI and CGI Restrictions
3.
Rename smaps.rename4aps.dll to smaps.dll (<siteminder>\bin)
4.
Edit APS.cfg:
The Directory setting specifies the directory that FPS will search for users. Only a single directory is supported for FPS.
Enable/ disable audit logging for FPS activity.
You can opt to define different query to be used specifically for APS. It overrides the query by the same name defined in Siteminder.
5.
Edit SmPortal.cfg:
Define the Policy Server IP address (MyServer.ip)
Note the Agents defined in this file and create the same name 4.x agents in Policy Server
6.
To test forgotten password services, access
http://<webserver hostname>/fps/identify.asp
NOTE:
Before running APSExpire utility, please update APS.cfg JOBONE parameter:
LDAP – IP address, network name or SiteMinder User Directory name of an LDAP directory defined to SiteMinder through the Policy Interface
ODBC -- DSN name or the SiteMinder User Directory name of an ODBC user directory defined to SiteMinder through the Policy Interface
Statistics
0 Favorited
1 Views
0 Files
0 Shares
0 Downloads
Tags and Keywords
Related Entries and Links
No Related Resource entered.
Copyright 2019. All rights reserved.
Powered by Higher Logic