Administration Guide › Integrating the SPS with SiteMinder › Password Services for SPS

Password Services for SPS

Password services are a SiteMinder feature that provides an additional layer of security to protected resources by allowing a SiteMinder administrator to manage user passwords. Password services allow an administrator to create password policies that define rules and restrictions governing password expiration, composition, and usage.

When configuring password services in SiteMinder, a password policy is associated with a directory. All users contained in the directory, or some part of the directory identified by an LDAP search expression, must adhere to the password policy. Password services are processed from inside the Apache Web server rather than from a back-end Web server hosting an agent.

Note: For more information about password services, see the Policy Design Guide.

Configure a Password Policy for SPS

For SiteMinder to implement Password Services in a SPS deployment, the redirection URL specified in the Policy Server User Interface must refer to the SPS server, with the addition of a specific virtual directory path.

To configure a password policy for SPS

1. Log in to the Policy Server User Interface.
2. Select the Systems tab in the Policy Server User Interface.
3. Click the User Directories object.
4. In the User Directory List select the user directory you want to protect with Password Services.
5. Right click and select Properties of User Directory.

   The User Directory Properties dialog appears.

6. In the Credentials and Connection tab, select Require Credentials.
7. Enter the administrator's credentials, including the Username and Password.
8. In the User Attributes tab of the same dialog, enter names for the following directory user profile attributes:
   • Universal ID (example: uid)
   • Disabled Flag (example: carLicense)
   • Password Attribute (example: userPassword)
   • Password Data (example: audio)

   Note: For more information on the User Directory Properties dialog, see the Policy Server User Interface help.

9. Click OK.
10. In the System tab, select the Password Policies object.
11. Right click on the Password Policies object and select Create Password Policy.

    The Password Policy Properties dialog appears.

12. In the General tab, select the name of the user directory for which you made the settings for Password Services.
13. In the General tab, specify a Redirection URL as follows:

    /siteminderagent/pw/smpwservicescgi.exe
    

14. Click OK.

    The configuration is complete.

Verify Password Services for SPS

After you have configured Password Services for the SPS, you can perform a simple test to see whether Password Services are in effect.

To verify whether Password Services is working

1. Select the password-protected directory from the User Directory list.
2. Select Manage User Accounts from the Tools menu.

   The User Management dialog appears.

3. Select a user.
4. Select "User must change password at next login."
5. Click OK.

When you next request a protected page in SPS and are challenged, enter the credentials for the specified user. The Password Change screen appears, indicating the Password Services is working.