Custom Password Services Directory Considerations for CGI or Servlet

Policy Server Guides › Policy Server Configuration Guide › Password Policies › Password Services Overview › Custom Password Services Directory Considerations for CGI or Servlet

Custom Password Services Directory Considerations for CGI or Servlet

Setting up a custom Password Services directory on a non-default web server requires you to:

Copy the smpwservicescgi.exe to a location accessible by the non-default web server.
The CGI extracts an agent_path from the Redirect URL to replace the default /siteminderagent/pw path.
Create two virtual directories: pw and pwcgi.
The latter is a CGI directory. For example:
- <custom directory>/pwcgi
- <custom directory>/pw

When a user is redirected to the Password Services CGI or servlet, it takes the information from the Policy Server, determines why the password is invalid, and displays a form that provides information or requests additional credentials from the user.

Make sure that the Password Services CGI or servlet is not protected. If SiteMinder is protecting directories above the servlet, create a realm that specifies the following:

Resource Filter if using CGI: siteminderagent/pwcgi/smpwservicescgi.exe
Resource Filter if using Servlet: siteminderagent/pwservlet/PSWDChangeServlet
Default Resource Protection: Unprotected

Do not create a policy for this realm.

Note: If a user who is accessing resources through an Agent that is not using an SSL connection must change passwords, the user’s new password information will be received over the non-secure connection. To provide a secure change of passwords, set up a password policy that redirects the user over an SSL connection using the Redirection URL field.