
Password Services Overview

Password Services provide an additional layer of security to protected resources by allowing you to manage user passwords in LDAP user directories or relational databases. To manage user passwords, you create password policies that define rules and restrictions governing password expiration, composition, and usage.

In addition to managing passwords, Password Services enables users to select their own passwords:

The password policy ensures that the user will select a valid password without additional administrative involvement.

When Password Services are active, SiteMinder invokes a password policy whenever a user attempts to access a protected resource. Password Services then evaluates the user’s credentials. If the user’s password has expired based on criteria defined in the password policy, either the user’s account can be disabled to prevent unauthorized access to the resource, or the user can be forced to change the password. A disabled account must be re-activated by an administrator.

Password policies can be associated with an entire user directory or database, or a subset of the directory or database, called a namespace. Multiple password policies can be configured for the same user directory or namespace, in which case they are applied according to priorities you can specify for them.
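
The sketch below is an added illustration, not SiteMinder code or its API: it models how policies scoped to a directory or a namespace could be selected for a user, ordered by priority, and checked for expiration. The class, function names, sample DNs, and the assumptions that a larger priority number is applied first and that the first expired policy decides the outcome are all hypothetical.

```python
from dataclasses import dataclass
from datetime import date, timedelta

@dataclass(frozen=True)
class PasswordPolicy:      # hypothetical model, not a SiteMinder object
    name: str
    scope: str             # base DN: the whole directory or a namespace in it
    priority: int          # assumption: larger number is applied first
    max_age_days: int      # password expires after this many days
    on_expiry: str         # "disable" or "force_change"

def in_scope(user_dn, scope_dn):
    """True when user_dn equals scope_dn or sits beneath it.
    Simplified: compares RDNs, does not handle escaped commas."""
    user = [rdn.strip().lower() for rdn in user_dn.split(",")]
    scope = [rdn.strip().lower() for rdn in scope_dn.split(",")]
    return len(scope) <= len(user) and user[-len(scope):] == scope

def applicable(policies, user_dn):
    """Policies that cover the user, in the order they are applied."""
    hits = [p for p in policies if in_scope(user_dn, p.scope)]
    return sorted(hits, key=lambda p: p.priority, reverse=True)

def evaluate(policies, user_dn, last_changed, today):
    """Decide what happens on an access attempt: (action, policy name)."""
    for policy in applicable(policies, user_dn):
        if today - last_changed > timedelta(days=policy.max_age_days):
            return policy.on_expiry, policy.name
    return "allow", None

# Constructed sample data: one directory-wide policy, one namespace policy.
POLICIES = [
    PasswordPolicy("directory-default", "dc=example,dc=com", 10, 90, "force_change"),
    PasswordPolicy("admins", "ou=admins,dc=example,dc=com", 50, 30, "disable"),
]

if __name__ == "__main__":
    today = date(2024, 6, 1)
    for dn, changed in [
        ("uid=alice,ou=admins,dc=example,dc=com", date(2024, 4, 15)),
        ("uid=bob,ou=staff,dc=example,dc=com", date(2024, 4, 15)),
        ("uid=bob,ou=staff,dc=example,dc=com", date(2024, 1, 1)),
    ]:
        print(dn, changed, evaluate(POLICIES, dn, changed, today))
```

The same 47-day-old password is rejected for the user in the admins namespace and accepted for the staff user, which is the practical effect of layering a stricter, higher-priority policy over a directory-wide one.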

Password Services provides three mechanisms for implementing password services:

CGI-based Password Services

(Deprecated) Password Services CGI with customizable HTML forms.

FCC-based Password Services

(Default) Password Services FCC with customizable HTML forms.

Note: For more information about FCC-based Password Services, see the Web Agent Configuration Guide.

Servlet-based Password Services

Password Services servlet with customizable JSP forms.