Tech Tip - CA Single Sign-On: Basic Forgotten Password Services Configurations for IIS

Document created by Kelly Wong on May 31, 2015. Last modified by kristen.palazzolo on Dec 17, 2016.
Version 4

CA Single Sign-On Tech Tip by Sau Lai Wong, Senior Support Engineer for 31st May 2015


Basic Forgotten Password Services Configurations for IIS:

 

 

1.      Extend the User Directory schema to include the APS attributes (<siteminder>\APS_Docs directory):


    • Run the APSExpire utility [APSExpire JOBONE -v -A] against the user directory after the schema is updated. APSExpire updates all of the users in your directory, initializing the smapsBaseDate and smapsNextAction attributes.
    • Ensure that every new user is created with the objectclass that allows access to the new attributes.

 

2.      Create FPS virtual directory

    • In IIS, enable the CGI-exe module under Handler Mappings, then add Forgot.exe (<webagent>\win32\bin\Web\FPS\Forgot.exe) to ISAPI and CGI Restrictions and allow it.

 

3.      Rename smaps.rename4aps.dll to smaps.dll (<siteminder>\bin)

 

4.      Edit APS.cfg:

    • The Directory setting specifies the directory that FPS will search for users. Only a single directory is supported for FPS.
    • Enable or disable audit logging for FPS activity.
    • You can optionally define a different query to be used specifically for APS. It overrides the query of the same name defined in SiteMinder.

 

5.      Edit SmPortal.cfg:

    • Define the Policy Server IP address (MyServer.ip)
    • Note the Agents defined in this file and create 4.x agents with the same names in the Policy Server

 

6.      To test forgotten password services, access http://<webserver hostname>/fps/identify.asp

 

NOTE: Before running the APSExpire utility, update the JOBONE parameter in APS.cfg:

      • LDAP – IP address, network name or SiteMinder User Directory name of an LDAP directory defined to SiteMinder through the Policy Interface
      • ODBC – DSN name or the SiteMinder User Directory name of an ODBC user directory defined to SiteMinder through the Policy Interface
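
The IIS part of step 2 can be scripted rather than clicked through IIS Manager. The PowerShell below is an added example, not part of the original tech tip or of CA's tooling; the site name and the path standing in for <webagent> are assumptions, and it expects the fps virtual directory to exist already. It grants Execute on the fps path only and allows Forgot.exe alone, then warns if unlisted CGI executables are permitted server-wide.

```powershell
# Added example, not from the original tech tip. Run in an elevated session.
Import-Module WebAdministration

# Assumptions: adjust these values to your installation.
$site      = 'Default Web Site'                                  # assumed site name
$forgotExe = 'C:\Program Files\CA\webagent\win32\bin\Web\FPS\Forgot.exe'  # <webagent>\win32\bin\Web\FPS\Forgot.exe
$apphost   = 'MACHINE/WEBROOT/APPHOST'
$cgiFilter = 'system.webServer/security/isapiCgiRestriction'

if (-not (Test-Path $forgotExe)) { throw "Forgot.exe not found at $forgotExe" }
if (-not (Get-WebVirtualDirectory -Site $site -Name 'fps')) {
    throw "Virtual directory 'fps' does not exist under '$site'; create it first."
}

# Install the CGI role service if it is missing.
Enable-WindowsOptionalFeature -Online -FeatureName IIS-CGI -All | Out-Null

# The CGI-exe handler requires Execute access. Grant it for the fps path only,
# not for the whole site.
Set-WebConfigurationProperty -PSPath $apphost -Location "$site/fps" `
    -Filter 'system.webServer/handlers' -Name accessPolicy `
    -Value 'Read, Script, Execute'

# Add Forgot.exe to ISAPI and CGI Restrictions unless it is already listed.
$entry = Get-WebConfiguration -PSPath $apphost -Filter "$cgiFilter/add" |
    Where-Object { $_.path -eq $forgotExe }
if (-not $entry) {
    Add-WebConfiguration -PSPath $apphost -Filter $cgiFilter -Value @{
        path        = $forgotExe
        allowed     = 'True'
        description = 'SiteMinder FPS Forgot.exe'
    }
} elseif (-not $entry.allowed) {
    Set-WebConfigurationProperty -PSPath $apphost `
        -Filter "$cgiFilter/add[@path='$forgotExe']" -Name allowed -Value 'True'
}

# Check: unlisted CGI executables should remain blocked, so that Forgot.exe
# is the only CGI program this change allows.
$unlisted = (Get-WebConfigurationProperty -PSPath $apphost -Filter $cgiFilter `
    -Name notListedCgisAllowed).Value
if ($unlisted) {
    Write-Warning 'notListedCgisAllowed is true: every CGI executable is allowed, not only Forgot.exe.'
}
```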
