Delegated Management Services (DMS2) is a CA product, which some sites use to maintain user entries in a Directory. It supports self-registration, self-service profile management and help desk functionality.
DMS2 has been superseded by a new product from CA called Identity Manager.
APS includes sample source code for a DMS workflow library called APSDMSWorkflow. This file can be built and configured into the SiteMinder Policy Server to intercept updates to the user's password. The library will ensure that no passwords are saved that do not conform to the formatting requirements imposed by APS.
The library is provided in source as a sample only. CA Support cannot support any custom code derived from this source.
DMS2 supports a single workflow library, yet many sites need to perform their own workflow. Thus, the APS workflow is provided as sample source to show how to make the APSAPI call. Sites can then incorporate this sample code into their own workflow libraries, if desired.
Note: Prior to APS Version 4.2, this library was only supplied in binary form. To avoid destroying a working system, the APS installer does not delete the prior version. However, be aware that any pre-existing copy of APSDMSWorkflow.dll or libAPSDMSWorkflow.so is not part of the APS product.
Please refer to DMS Manual Chapter 7 of "Using DMS" for managing any user account as a Super Administrator or as an Organizational Administrator.
On the Managing Users screen, after selecting a user account, you can press the "APS Information" button to view the APS information (and also to enable and disable users).
The field names and the handling properties (R = Read, W = Write, C = Clear) of each of the APS attributes of LDAP Schema and Storage are listed in the following table.
| APS Attribute | Prompt | Handling Props. | Comment |
|---|---|---|---|
| smapsBaseDate | Base Date | RW | Can only set to the current date |
| smapsLastLogin | Last Login | R | |
| smapsPreviousLogin | Previous Login | R | |
| smapsImmediateChange | Immediate Change | RWC | Can clear or set to a string that will be a comment that includes the date set |
| smapsDisableUntil | Disable Until | RWC | Date, time and reason |
| smapsDisableAfter | Disable After | RWC | Date, time and reason |
| smapsLastPasswordChange | Last Password Change | R | |
| smapsFailureCount | Failure Count | RW | Just clear, but clear is not to an empty value. |
| smapsLoginHistory | Login History | R | Will show number of entries and "Select to View" button |
| smapsExpirePasswordDays | Expire Password Days After | RWC | Number of days and comment |
| smapsAccountInactivityDays | Account Inactivity Days | RWC | Number of days and comment |
| smapsGraceLoginsUsed | Grace Logins Used | R | |
| smapsMustLoginBy | Must Login By | RWC | Date, time and comment |
| smapsGenerationalRedirects | Generational Redirects | R | Shows the number of entries and a "Select to View" button. |
| smapsFailuresSinceLastLogin | Failures since Last Login | R | |
| smapsFailuresSincePrevious | Failures since Previous Login | R | |
| smapsMaxFailures | Maximum Failures | R | |
| smapsTotalLogins | Total Logins | R | |
| smapsTotalFailures | Total Failures | R | |
| smfpsLog | FPS Log | R | Shows number of entries and "Select to View" button |
| smfpsLockoutCounter | FPS Lockout Counter | RC | Cleared to re-enable FPS for accounts |
| smapsNextAction | APSExpire trigger | C | ALWAYS clear |
Note: The prompts that appear in the default set up are for English-US Locale (as defined in the file dms_en_US.properties).
If the user account is disabled, the screen will display a message "User is Disabled".
It will also show why the user account is disabled and that may happen in the following two ways.
If you want to enable the account, you can do it in either of the following ways:
Note: The date and time displayed in the DMS UI pages are all in local time, though the date and time are stored as GMT in the LDAP.
The field names that appear in the default setup are for the English-US locale (as defined in the file dms_en_US.properties). To change them, users need to define their own locale, and the locale file should be present in
working-dir/DMS/properties/default/locale
Please refer to DMS Manual, Chapter 8 of "User Registration with Forgotten Password Support," for setting up for self-registering a user.
If the user is redirected to the correct fcc file, upon clicking on the link "Click here to register as a new user", the registration form will open with the questions that are defined in the property.
The value for the key "pick" signifies the number of questions to be picked.
The value for the key "questions" signifies the number of questions needed to be displayed.
The remaining entries have the form QID = The Actual Question, where QID is the question identifier and can be any value.
If the admin needs to restrict a question to be displayed for a user while registering a new user, the admin may put a "*" at the beginning of any QID.
Do not put a "*" at the beginning of the keys pick and/or questions.
Please follow the sample property file as a guideline.
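A checker for the property-file rules described above, given as an added example that is not part of the CA documentation or product. The sample file contents, the QIDs, and the two count checks (pick no larger than questions, questions no larger than the number of defined QIDs) are assumptions of this example.

```python
# Added example; the sample content and QIDs below are constructed.
SAMPLE = """\
# constructed sample, not a file shipped with DMS or APS
pick = 2
questions = 3
Q1 = What is your favorite color?
Q2 = What was the name of your first pet?
Q3 = In which city were you born?
*Q4 = What is the name of your first school?
"""
RESERVED = ("pick", "questions")


def parse(text):
    """Return (settings, open_qids, starred_qids, errors) for properties text."""
    settings, open_qids, starred_qids, errors = {}, {}, {}, []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#!":      # blank line or comment
            continue
        if "=" not in line:
            errors.append(f"line {n}: expected 'key = value'")
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        name = key.lstrip("*")
        if name in RESERVED:
            if key.startswith("*"):          # rule: never star pick/questions
                errors.append(f"line {n}: '*' not allowed on '{name}'")
            elif not value.isdigit():
                errors.append(f"line {n}: '{name}' must be a number")
            else:
                settings[name] = int(value)
        elif key.startswith("*"):
            starred_qids[name] = value       # QID restricted with a leading '*'
        else:
            open_qids[key] = value
    return settings, open_qids, starred_qids, errors


def lint(text):
    """Collect violations; both count checks are assumptions of this example."""
    settings, open_qids, starred_qids, errors = parse(text)
    errors += [f"missing key '{k}'" for k in RESERVED if k not in settings]
    pick, shown = settings.get("pick"), settings.get("questions")
    if pick is not None and shown is not None and pick > shown:
        errors.append("pick exceeds questions")
    if shown is not None and shown > len(open_qids) + len(starred_qids):
        errors.append("questions exceeds defined QIDs")
    return errors
```

Calling lint() on a locale file's text before deploying it returns an empty list when the file passes every check.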
In the forgottenpassword.jsp file for Language=English and Country=USA, the default lines are as follows:
<jsp:setProperty name="table" property="language" value="en"/> <jsp:setProperty name="table" property="country" value="US"/>
For example, if the user wants to customize for Language=French and Country=Canada, these lines would be like this:
<jsp:setProperty name="table" property="language" value="fr"/> <jsp:setProperty name="table" property="country" value="CA"/>
Note that the name of the property file would then be questions_fr_CA.properties.
In the APS.cfg file under [Verify], for the keyword Initial specify the special instruction as format=B. For example,
Initial=*SecretQuestion=carlicense[format=B,Pick=2,sorted]
Copyright © 2014 CA.
All rights reserved.