User Session Re-direction to Identity Manager with Multiple Policy Servers.


Article ID: 53011


Updated On:

Products

CA Directory, CA Identity Manager, CA Identity Governance, CA Identity Portal, CA Risk Analytics, CA Secure Cloud SaaS - Arcot A-OK (WebFort), CLOUDMINDER ADVANCED AUTHENTICATION, CA Secure Cloud SaaS - Advanced Authentication, CA Secure Cloud SaaS - Identity Management, CA Secure Cloud SaaS - Single Sign On, CA Security Command Center, CA Data Protection (DataMinder), CA User Activity Reporting

Issue/Introduction

Description

Account Lockout Re-direct to Identity Manager

SiteMinder 6.0 SP5 CR14 and Identity Manager 8.1.
Sample environment details:

=======================
SiteMinder (A): separate Policy Server for web applications
User Store: common to SiteMinder and Identity Manager

Identity Manager: has its own SiteMinder (B) Policy Server
User Store: common to SiteMinder and Identity Manager
=======================

Question:
When a user's password is changed in Identity Manager with the option "Password must change" at next logon, can the user's session on SiteMinder (A) be redirected to Identity Manager so that the user can enter a new password of their choice, and then be redirected back to the SiteMinder (A) web application the user was trying to access?

Solution

Provided that SiteMinder correctly picks up the user's state from the user store, SiteMinder redirects to the URL specified in a Password Policy for that user store.
If no password policy is defined, SiteMinder issues a redirect to the default password services URL, which can be controlled with the NETE_PWSERVICES_REDIRECT environment variable on the policy server. By default this is a redirect to our .fcc that handles password changes: smpwservices.fcc.

The URL set in the password policy, or as the default URL, can be the URL of an Identity Manager task.
SiteMinder includes the username in the query string. Identity Manager has to be configured to pick it up and then send the user through the change password routine.
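
The following is an added example, not code from this article or from the product. It sketches what the receiving side of that redirect has to do: read the username from the query string as unauthenticated input, and send the user back only to a known web application host. The parameter names USERNAME and TARGET, the host names and the function name are assumptions for illustration.

```python
import re
from dataclasses import dataclass
from typing import Optional
from urllib.parse import parse_qs, urlsplit

# Assumed parameter names: the article only says the username is in the
# query string. Use whatever your policy server actually sends.
USER_PARAM = "USERNAME"
TARGET_PARAM = "TARGET"
# Hypothetical hosts of the web applications behind policy server (A).
ALLOWED_RETURN_HOSTS = {"apps.example.com"}
# Conservative login-name shape, so no control characters or LDAP filter
# metacharacters reach the user store lookup.
_USERNAME_RE = re.compile(r"[A-Za-z0-9._@-]{1,64}")


@dataclass(frozen=True)
class PasswordChangeRequest:
    username: str
    return_url: Optional[str]  # None: use a fixed landing page instead


def parse_password_redirect(url: str) -> PasswordChangeRequest:
    """Parse the redirect that lands on the change-password task."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)

    names = query.get(USER_PARAM, [])
    # Exactly one well-formed username; repeated parameters could make two
    # components disagree about whose password is being changed.
    if len(names) != 1 or not _USERNAME_RE.fullmatch(names[0]):
        raise ValueError("missing or malformed username")

    return_url = None
    targets = query.get(TARGET_PARAM, [])
    if len(targets) == 1:
        target = urlsplit(targets[0])
        # Honour only absolute https URLs on known application hosts;
        # anything else is dropped, never followed.
        if target.scheme == "https" and target.hostname in ALLOWED_RETURN_HOSTS:
            return_url = target.geturl()
    return PasswordChangeRequest(names[0], return_url)
```

The username here only selects whose change-password screen to show; the task still has to verify the user's current password before accepting a new one.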

Environment

Release:
Component: IDMGR