Starting with Version 4.1, SiteMinder included Password Services (PS). Its functionality is essentially a subset (with a few extensions) of the Advanced Password Services (APS) Version 1.1 functionality. Compared to APS Version 1.1, PS adds policies based on the user’s location in the Directory and removes email support and support for Windows NT user directories.
Not every site requires Advanced Password Services. For some sites, the functionality provided by Password Services is sufficient.
There are no utilities for converting data from PS to APS or vice versa. Each system stores its information separately, and neither can access the other’s data.
The following table compares the features of PS with this version of APS. Check with your CA Representative for current comparisons.

Feature | Basic PS (v6.0) | APS (v5.5) | Comment |
---|---|---|---|
Password format control | | | |
Minimum Length | Yes | Yes | |
Maximum Length | Yes | Yes | |
Minimum Letters | Yes | Yes | |
Minimum Uppercase Letters | Yes | Yes | |
Minimum Lowercase Letters | Yes | Yes | |
Minimum Digits | Yes | Yes | |
Minimum Alphanumeric | Yes | Yes | |
Minimum Punctuation | Yes | Yes | |
Minimum Symbols | No | Yes | |
Minimum non-alphanumeric | Yes | Yes | |
Maximum Repeat | Yes | Yes | |
Minimum Type Combinations | No | Yes | |
Complexity Thresholds | No | Yes | |
Forced case (case-insensitivity) | Yes | Yes | |
Regular Expression Match | Yes | Yes | |
Regular Expression Forbid | Yes | Yes | |
Allowed Characters List | No | Yes | |
Disallowed Characters List | No | Yes | |
Reuse Timer | Yes | Yes | |
Reuse Counter | Yes | Yes | |
Require Percentage Change | Yes | Yes | |
Prevent use of Profile Values | Yes | Yes | APS can parse words in the profile and exclude specific attributes |
Directory Support (see the CA Support Site for specific vendors & versions) | | | |
LDAP Consumers | Yes | Yes | |
Access to all values | No | Yes | Except password history |
Requires Schema mods | No | Yes | |
Exclude Accounts from Processing | No | Yes | |
Event Handling | | | |
Number of Unique Events | 1 | 7+ | APS can selectively trap events |
Redirect user | Yes | Yes | |
Macro substitution into URL | No | Yes | Attribute substitution as well |
Vary URL by realm/user | No | Yes | |
Send Mail | No | Yes | |
Macro substitution into Mail | N/A | Yes | Attribute substitution as well |
Notify of Password Change | N/A | Yes | |
Password Expiration | | | |
Warning before expiration | Yes | Yes | APS can send warning without requiring a user login |
Password Expires | Yes | Yes | |
Grace period after expiration | No | Yes | |
Grace logins after expiration | No | Yes | |
Per-user overrides of period | No | Yes | |
Account Expiration | | | |
Disable at login | Yes | Yes | |
Warn days before disabling | No | Yes | |
Disable upon expiration | No | Yes | |
Disable at specific date/time | No | Yes | |
Disable if no login by date/time | No | Yes | |
Disable until specified date/time | No | Yes | |
Per-user overrides of period | No | Yes | |
Report when eligible for purge | No | Yes | |
Arbitrary Account Disable | No | Yes | With custom reason codes |
"n"-strikes, you’re out processing | | | |
Configurable number of strikes | Yes | Yes | |
Works with LDAP outage | No | Yes | |
Automatic reset after time | Yes | Yes | |
Manual reset | Yes | Yes | |
Permanently disable account | Yes | Yes | Optional in both cases |
Notify Administrator | No | Yes | Via email event/pager interface |
Notify Administrator of continuing attack | No | Yes | Via email event/pager interface |
Configuration | | | |
By location in LDAP DIT | Yes | Yes | |
By arbitrary expression | Limited | Full | |
Policies stored in | Policy Store | Flat File | |
Simple Policy Configuration | Yes | Yes | |
Cascading Policies | Yes | Yes | |
Easy migration of configuration information between environments | No | Yes | Meaning promotion from DEV to QA to Production environments by separating environment specific settings from configuration settings into separate files. |
Password Change Forms | | | |
Languages supported | Limited | Any | |
Internationalized messages | No | Yes | |
Customized messages | No | Yes | |
User-initiated password change | Yes | Yes | |
Redirect on error | No | Yes | |
Administrator Interface | | | |
Supports all product features | No | Yes | |
Limit access to subsets of users | No | Yes | |
Audited | Yes | Yes | |
Can be externally accessible | No | Yes | |
Can add custom attributes | No | Yes | |
Attribute access by user | No | Yes | |
Look & Feel configurable | No | Yes | By user, if desired |
Can be tied into existing apps | No | Yes | |
Tools Supplied | | | |
Set Force Change Flag | Yes | Yes | |
Command line change password | No | Yes | |
Other tools | None | 7 | |
Per User Usage Statistics | | | |
Available in responses | Limited | Yes | |
Last Login Date | Available in responses | Yes | Includes IP address |
Previous Login Date | Available in responses | Yes | Optional. Includes IP address |
Last Password Change Date | No | Yes | |
Last Failure Date | No | Yes | Optional. Includes IP address |
Login History | No | Yes | Optional. Includes IP address |
Failures since last login | No | Yes | Optional. Includes IP address |
Failures since previous login | No | Yes | Optional. Includes IP address |
Max failures between logins | No | Yes | Optional |
Total Logins | No | Yes | Optional |
Total Failures | No | Yes | Optional |
Forgotten Password Usage | No | Yes | Optional |
Forgotten Password Support | | | |
Included with package | No | Yes | |
User-selected password | N/A | Yes | |
Automatically login at end | N/A | Yes | |
Lockout with Counter | N/A | Yes | |
Sample Forms | N/A | Yes | |
Consumable questions | N/A | Yes | |
One-use passwords | N/A | Yes | |
Secure new password delivery | N/A | Yes | |
Encrypted/hashed answers | N/A | Yes | |
Sample forms provided | N/A | asp/jsp | |
SiteMinder Integration | | | |
Policy Server different from Web Agent’s Policy Server | No | Yes | |
Failover Policy Servers | Yes | Yes | |
Round-robin Policy Servers | Yes | Yes | |
Configured through Policy GUI | Yes | No | |
Integrates with DMS2 | Yes | Yes | |
Application Programming Interface | Limited | Yes | |
Miscellaneous | | | |
Custom Logging | No | Yes | Source provided |
Custom Extensions | No | Yes | |
Disabled groups | No | Yes | |
Redirect at first/next login | No | Yes | |
Message of the Day Service | No | Yes | |

Copyright © 2014 CA. All rights reserved.