Symantec Access Management

  • 1.  Configuring Advanced Password Services in Siteminder

    Posted Jan 03, 2014 11:22 AM

    I'm trying to configure Advanced Password Services in Siteminder R12.5. (Under Windows 2008R2)

    First of all, I'm surprised there is no UI for this.  But that's not the problem.

    After going through all the steps from somewhat confusing APS Guide, I get the following message when trying to use FPS (Forgot Password Functionality):

    Sorry, your profile does not contain the information required to perform this service.  Please call our service desk.......

     

    I've checked LDAP and see all the "smps*" attributes set up correctly and user is initialized accordingly.  So, what could be missing?

    Thanks.

     

     

     

     



  • 2.  RE: Configuring Advanced Password Services in Siteminder

     
    Posted Jan 06, 2014 06:17 PM
    gena.pasmanik:

    I'm trying to configure Advanced Password Services in Siteminder R12.5. (Under Windows 2008R2)

    First of all, I'm surprised there is no UI for this.  But that's not the problem.

    After going through all the steps from somewhat confusing APS Guide, I get the following message when trying to use FPS (Forgot Password Functionality):

    Sorry, your profile does not contain the information required to perform this service.  Please call our service desk.......

     

    I've checked LDAP and see all the "smps*" attributes set up correctly and user is initialized accordingly.  So, what could be missing?

    Thanks.

     

     

     

     


    Hi All,

    Any ideas here for Gena?

    Thanks!

    Chris



  • 3.  RE: Configuring Advanced Password Services in Siteminder
    Best Answer

    Posted Jan 07, 2014 10:50 AM

    I've resolved it. 

    Thanks.

    By default, FPS-VERIFY section was enabled, and it included Lookup=SecretAnswer=carlicense in the settings.

    carlicense attribute was not available in the user's profile; therefore, we were getting that error.

    There is no documentation about this, and no detailed tracing/debugging available.  Just had to dig through enormous configuration file trying to figure out where the problem could be.  Very disappointed in the way Advanced Password Services have to be configured, and the lack of good documentation.

     

     



  • 4.  RE: Configuring Advanced Password Services in Siteminder

    Posted Jan 07, 2014 11:30 AM

    Gena,

     

    there's a document on logging so that you can adjust trace logging for things like this.

     

    see this thread:

     

    https://communities.ca.com/web/ca-identity-and-access-mgmt-distributed-global-user-community/message-board/-/message_boards/message/101073853?&#p_19



  • 5.  RE: Configuring Advanced Password Services in Siteminder

    Posted Jan 07, 2014 12:22 PM

    Thank you, Josh.

    That is very helpful.

    Do you know how to enable APSMAIL_COMMLOG.  This is supposedly an Environment variable that needs to be added, and additional logging showing APS communication with Email server should be available.  I've added this Environment variable in Windows 2008, but still not seeing any additional logging as described in the documentation (APS Guide).

    APSMAIL.DLL is crashing both Policy Server and the APSMAILTest.exe utility INTERMITTENTLY, and I can't figure out why.

     



  • 6.  RE: Configuring Advanced Password Services in Siteminder

    Posted Jan 08, 2014 09:16 AM

    Got it figured out.

     



  • 7.  RE: Configuring Advanced Password Services in Siteminder

    Posted Jan 08, 2014 04:21 PM

    just saw this now. glad you got it. 

     

    unortunately i havent played much with APS.



  • 8.  Re: Configuring Advanced Password Services in Siteminder

    Posted Mar 13, 2016 11:04 PM

    Hello Gena,

    can you briefly explain how did you configured the advanced password services on both the policy and web servers. I am going through the document and little bit confused with the smportal and smtransact. How did you setup this at the web agent side web server. Do we need to configure any special policies and responses at the domain level for using aps. Thanks in advance. 



  • 9.  Re: Configuring Advanced Password Services in Siteminder

    Posted Mar 14, 2016 04:42 AM

    Hi Krishna,


    Have a look at this :

    https://communities.ca.com/docs/DOC-231163891


    Let me know if any questions.


    Cheers,

    Ujwol