Web Agent Guides › Web Agent Configuration Guide › Manage Password Services › Supported Approaches for Using Password Services with Web Agents › Configure FCC Password Services
Configure FCC Password Services
FCC Password Services is configured much like the CGI or JSP versions—a SiteMinder Administrator needs to configure password policies that are associated with a user directory or namespace. However, the Redirection URL field that you are required to configure must be set to a relative path for the smpwservices.fcc. This path is:
/siteminderagent/forms/smpwservices.fcc
The redirection path ensures that FCC Password Services works correctly.
Note: For more information, see the Policy Server documentation.
How to Enable User-Initiated Password Changes when using the SiteMinder X.509 Certificate and Basic Authentication Scheme
You can configure the FCC Password services features of SiteMinder to allow users to change their own passwords. The SiteMinder X.509 Certificate and Basic authentication scheme requires a password-change URL that starts with the HTTPS protocol.
Follow these steps:
- Confirm that your user directory contains attributes that support Password Policies.
- Use the Administrative UI to do the following tasks:
- Create an FCC-based password policy and protect the resources that you want.
- Configure the password policy to allow authorized users to change their passwords.
- Create a password change URL that includes the following parts:
- The HTTPS scheme (protocol).
- The FQDN of the logon server (example: http:logonserver.example.com).
- The URI of the FCC-based Password services (example: siteminderagent/forms/smpwservices.fcc?).
- The name of the SiteMinder Web Agent (SMAGENTNAME).
- One of the following target URLs:
- For password-change URLs embedded in FCC pages, use the relative values for the (SMAGENTNAME) and (TARGET) sections, as shown in the following example:
<a href="https:logonserver.example.com/siteminderagent/forms/smpwservices.fcc?SMAUTHREASON=
34&SMAGENTNAME=$$smencode(smagentname)$$&TARGET=$$smencode(target)$$">Change Password</font></a>
- For password-change URLs not embedded in FCC pages, hard-code the name of your SiteMinder Agent for the (SMAGENTNAME) section. Then hard-code a fully qualified domain name value for the (TARGET) section, as shown in the following example:
<a href="https://logonserver.example.com/siteminderagent/forms/smpwservices.fcc?SMAUTHREASON=34&SMAGENTNAME=Agent1&TARGET=https://logonserver.example.com/protected/myprotectedpage.html">Change Password</font></a>
- Embed the password-change URL (from Step 3) as a link in one or more unprotected web pages.
- Test the password change function with the following steps:
- Display a web page that has the password change link you created in Step 3.
- Click the password change link.
The password change form appears.
- Fill out the password change form and submit it.
A confirmation page appears with a link to the protected target resource.
- Click the link and verify that the resource appears.
- Close and reopen your browser. Try to access the protected resource using your new password.
If you can access the resource with your new password, the password change is successful.
How to Enable User-Initiated Password Changes with FCCs
You can configure the FCC Password services features of SiteMinder to allow users to change their own passwords whenever they want.
Note: Use the following process only if your SiteMinder Web Agent configuration also has the value of the SecureURLs parameter that is set to no.
To enable user-initiated password changes with FCCs, use the following process:
- Confirm that your user directory contains attributes that support Password Policies.
- Use the Administrative UI to do the following tasks:
- Create an FCC-based password policy and protect the resources that you want.
- Configure the password policy to allow authorized users to change their passwords.
- Create a password change URL that includes the following parts:
- The FQDN of the logon server (example: http:logonserver.example.com).
- The URI of the FCC-based Password services (example: siteminderagent/forms/smpwservices.fcc?).
- The name of the SiteMinder Web Agent (SMAGENTNAME)
- One of the following target URLs:
- For password-change URLs embedded in FCC pages, use the relative values for the (SMAGENTNAME) and (TARGET) sections, as shown in the following example:
<a href="http:logonserver.example.com/siteminderagent/forms/smpwservices.fcc?SMAUTHREASON=
34&SMAGENTNAME=$$smencode(smagentname)$$&TARGET=$$smencode(target)$$">Change Password</font></a>
- For password-change URLs not embedded in FCC pages, hard-code the name of your SiteMinder Agent for the (SMAGENTNAME) section. Then hard-code a fully qualified domain name value for the (TARGET) section, as shown in the following example:
<a href="http://logonserver.example.com/siteminderagent/forms/smpwservices.fcc?SMAUTHREASON=34&SMAGENTNAME=Agent1&TARGET=https://logonserver.example.com/protected/myprotectedpage.html">Change Password</font></a>
- Embed the password-change URL (from Step 3) as a link in one or more unprotected web pages.
- Test the password change function with the following steps:
- Display a web page that has the password change link you created in Step 3.
- Click the password change link.
The password change form appears.
- Fill out the password change form and submit it.
If the password change is successful, a confirmation page appears with a link to the protected target resource.
- Click the link and verify that the resource appears.
- Close and reopen your browser. Try to access the protected resource using your new password.
If you can access the resource with your new password, the password change is successful.
How to Enable User-Initiated Password Changes with FCCs (SecureURLs=Yes)
You can configure the FCC Password services features of SiteMinder to allow users to change their own passwords whenever they want.
Note: Use the following process only if your SiteMinder Web Agent configuration also has the value of the SecureURLs parameter that is set to yes.
To enable user-initiated password changes with FCCs, use the following process:
- Confirm that your user directory contains attributes that support Password Policies.
- Use the Administrative UI to do the following tasks:
- Create an FCC-based password policy and protect the resources that you want.
- Configure the password policy to allow authorized users to change their passwords.
- Set the value of the ValidTargetDomain parameter to the domain of the target resource you want to protect.
- Create a password change URL that includes the following parts:
- The FQDN of the logon server (example: http:logonserver.example.com).
- The URI of the FCC-based Password services (example: siteminderagent/forms/smpwservices.fcc?).
- The name of the SiteMinder Web Agent (SMAGENTNAME)
- One of the following target URLs:
- For password-change URLs embedded in FCC pages, use the relative values for the (SMAGENTNAME) and (TARGET) sections, as shown in the following example:
<a href="http:logonserver.example.com/siteminderagent/forms/smpwservices.fcc?SMAUTHREASON=
34&SMAGENTNAME=$$smencode(smagentname)$$&TARGET=$$smencode(target)$$">Change Password</font></a>
- For password-change URLs not embedded in FCC pages, hard-code the name of your SiteMinder Agent for the (SMAGENTNAME) section. Then hard-code a fully qualified domain name value for the (TARGET) section, as shown in the following example:
<a href="http://logonserver.example.com/siteminderagent/forms/smpwservices.fcc?SMAUTHREASON=34&SMAGENTNAME=Agent1&TARGET=https://logonserver.example.com/protected/myprotectedpage.html">Change Password</font></a>
- Embed the password-change URL (from Step 3) as a link in one or more unprotected web pages.
- Open the following file on your web server:
web_agent_home/samples/forms/smpwservices.fcc
- Locate the following line:
@smpwselfchange=0
- Change the 0 (zero) at the end of the previous line to 1 (one), as shown in the following example:
@smpwselfchange=1
- Save and close the smpwservices.fcc file.
- Embed the URL you created in Step 3 as a link in one or more unprotected web pages.
- Test the password change function with the following steps:
- Display a web page that has the password change link you created in Step 3.
- Click the password change link.
The password change form appears.
- Fill out the password change form and submit it.
If the password change is successful, a confirmation page appears with a link to the protected target resource.
- Click the link and verify that the resource appears.
- Close and reopen your browser. Try to access the protected resource using your new password.
If you can access the resource with your new password, the password change is successful.
Configure SecureID Authentication with FCC Password Services
You must modify the SecureID HTML Form template using the Administrative UI if you are using SecureID as your authentication scheme and both of the following conditions exist in your environment:
- The FCC Password Services feature is configured
- The value of the SecureUrls parameter for the Web Agent is set to yes
SecureID is implemented using Password Services, which is why you must modify the authentication scheme's template.
To configure SecureID Authentication with FCC password services, add the path to the smpwservices.fcc file in the Target field of the SecureID template, as shown in the following example:
/siteminderagent/forms/smpwservices.fcc
How to Localize FCC-based Password Services Change Forms
To localize the user messages for FCC-based Password Services for another locale follow these steps:
- Create an FCC folder on the web server for a new locale or use an existing folder if appropriate for your locale. The typical naming convention for the folder is formslocale.
Note: The directories and file names that are shown could be case-sensitive, depending on your operating environment and the type of web server in use.
- Place a copy of the relevant Password Services files in the new folder.
- Modify the files to accommodate the locale, such as changing the English messages to the language for your locale. Repeat this step with all the files for the locale.
- In the Administrative UI, change the value of the Redirection URL field in the Password Policy.
For example, to use FCC Password Services for Japanese users, put a copy of the following files in the folder formsja, which is located in web_agent_home/samples:
- smpwservices.fcc, located in web_agent_home/samples/forms
- smpwservices.unauth, located in web_agent_home/samples/forms
- A new properties file, smpwservicesja.properties
Copyright © 2012 CA.
All rights reserved.
|
|