

Administration and Operations Introduced

Advanced Password Services (APS) runs in conjunction with the SiteMinder Policy Server. After each attempt by SiteMinder to authenticate a user against a directory, APS is consulted to verify the authentication. Each login attempt, successful or failed, is presented to APS behind the scenes, and APS is asked to verify that the user is valid and not disabled. APS checks its own records of that user's activity, including the number of failed login attempts the user has accumulated and the length of time since the user last successfully authenticated. APS then checks whether the user has been disabled, updates its records, and either allows the authenticated user access or halts a successful authentication, rejecting the login and (possibly) disabling the user's account.
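The verification flow described above can be modeled in a few lines. This is an added illustration, not APS code or its API: the names `UserRecord` and `verify_attempt`, the threshold values, the reset of the failure counter on success, and the choice to disable on inactivity are all assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Assumed policy values; the page does not state APS's real settings.
MAX_FAILURES = 3
MAX_INACTIVITY = timedelta(days=90)

@dataclass
class UserRecord:
    """Per-user activity record (hypothetical field names)."""
    failed_attempts: int = 0
    last_success: Optional[datetime] = None
    disabled: bool = False

def verify_attempt(rec: UserRecord, directory_ok: bool, now: datetime) -> str:
    """Post-authentication check, run after every directory attempt,
    successful or failed. Updates rec and returns 'allow' or 'reject'."""
    # Too long since the last successful login: disable the account (assumed).
    if rec.last_success is not None and now - rec.last_success > MAX_INACTIVITY:
        rec.disabled = True
    if not directory_ok:
        # Failed logins accumulate; reaching the limit disables the account.
        rec.failed_attempts += 1
        if rec.failed_attempts >= MAX_FAILURES:
            rec.disabled = True
        return "reject"
    # The directory accepted the password, but a disabled user is still
    # refused: the successful authentication is halted.
    if rec.disabled:
        return "reject"
    rec.failed_attempts = 0  # assumed: a good login clears the counter
    rec.last_success = now
    return "allow"

def demo():
    """Constructed sample: one good login, three bad ones, then the right password."""
    t0 = datetime(2024, 1, 1, 9, 0)
    rec = UserRecord()
    outcomes = [True, False, False, False, True]  # directory results (constructed)
    results = [verify_attempt(rec, ok, t0 + timedelta(minutes=i))
               for i, ok in enumerate(outcomes)]
    return results, rec

if __name__ == "__main__":
    print(demo()[0])
```

The final attempt in the sample carries the correct password and is still rejected, because the account was disabled by the preceding failures.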

Advanced Password Services also allows users to change their own passwords through the Change Password Interface, which can be customized for your organization, or through the API, which can be called by your own or third-party tools. Users must be configured through the SiteMinder Policy Server to have access to the Change Password Interface, but in most circumstances, this will not require periodic maintenance.

Password content policies apply only to passwords changed through the Change Password Interface and the API. They are not applied to existing passwords or to password changes made using other interfaces (such as Windows NT or iPlanet's Directory Server).

APS includes Forgotten Password Services (FPS), which can allow users to interactively recover forgotten passwords or user IDs in as secure a manner as possible.

There is also a Help Desk interface (not shown in the diagram above) called APSAdmin, which allows sites to quickly set up simple user account enable, disable, and password reset operations.