Limiting APS to specific groups

Article ID: 367840


Products

SITEMINDER

Issue/Introduction

When configuring APS, the question arises whether it is possible to limit it to specific groups of users in the directories.

Namely, the idea would be to have different password policy configurations for different groups of users.

However, the documentation provides only some information about the Forgotten Password Services (FPS) of APS, and it is not clear how, or whether, this is possible.

Environment

CA SiteMinder version 12.8.X

Resolution

Password policies may be applied to certain groups/users using APS.

To do this, the class definition setting as specified in APS.cfg may be used. A group may be defined using a Class, and the APS password policy settings, for instance Minimum Length (see the Password Contents settings in the APS.cfg file), may be applied to it, as in the following example:

Policy 1: the password has to be 8 characters long with 2 numbers as part of it.

The configuration looks like this:

@Group1=IsLDAP() AND (IsInGroup("cn=Group1,dc=example,dc=com"))

Minimum Length={@Group1} 8

Minimum Digits={@Group1} 2

Policy 2: the password has to be 10 characters long with 2 capitalized letters...

@Group7=IsLDAP() AND (IsInGroup("cn=Group7,dc=example,dc=com"))

Minimum Length={@Group7} 10

Minimum Upper Case={@Group7} 2
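
The following is an added example, not part of the original article and not SiteMinder code: a small Python check that reads the two line shapes shown above (a class definition and a class-scoped setting), reports settings that reference a class that was never defined, and tests a candidate password against one class's minimums. It models only the syntax visible on this page and is not the APS parser; the function names and the combined sample fragment are assumptions.

```python
import re

# Constructed sample: the two policies from this article in one fragment.
SAMPLE_CFG = '''
@Group1=IsLDAP() AND (IsInGroup("cn=Group1,dc=example,dc=com"))
Minimum Length={@Group1} 8
Minimum Digits={@Group1} 2
@Group7=IsLDAP() AND (IsInGroup("cn=Group7,dc=example,dc=com"))
Minimum Length={@Group7} 10
Minimum Upper Case={@Group7} 2
'''

CLASS_DEF = re.compile(r'^@(\w+)=(.+)$')                   # @Name=expression
SETTING = re.compile(r'^([A-Za-z ]+)=\{@(\w+)\}\s*(\d+)$')  # Setting={@Name} N

def parse(cfg):
    """Return (class definitions, per-class settings, undefined class names)."""
    classes, policies = {}, {}
    for line in (raw.strip() for raw in cfg.splitlines()):
        if m := CLASS_DEF.match(line):
            classes[m.group(1)] = m.group(2)
        elif m := SETTING.match(line):
            name, cls, value = m.groups()
            policies.setdefault(cls, {})[name.strip()] = int(value)
    # A setting scoped to a class with no @definition is most likely a typo.
    undefined = sorted(set(policies) - set(classes))
    return classes, policies, undefined

# How each setting used on this page is measured on a candidate password.
CHECKS = {
    "Minimum Length": len,
    "Minimum Digits": lambda pw: sum(c.isdigit() for c in pw),
    "Minimum Upper Case": lambda pw: sum(c.isupper() for c in pw),
}

def violations(policy, password):
    """List the settings in `policy` that `password` does not satisfy."""
    return [name for name, minimum in policy.items()
            if name in CHECKS and CHECKS[name](password) < minimum]

if __name__ == "__main__":
    classes, policies, undefined = parse(SAMPLE_CFG)
    print("undefined classes:", undefined)
    for cls, policy in policies.items():
        print(cls, policy, violations(policy, "Abcdefg1"))
```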