by IDAMGroup
CA Siteminder Change Password
How to configure Change Password using Siteminder Policy Server
This post will guide you to configure Siteminder Policy Server for “change password” use case. This is a straight forward setup.
Version: CA Siteminder r12.51
Three steps to complete this setup
- Adding password attributes in the Policy Server configuration user store
- Create Password Policy in the Policy Server
- Add the change password URL in the HTML page
Adding password attributes in the policy server user store configuration
In the Siteminder policy server Admin console add two attributes in the User Store configuration
Infrastructure–> Directory–> User directory
Password (RW)
Your actual password attribute for the user store. In my case i am using Novell eDirectory and its password attribute is “userPassword”
Password Data (RW)
Is where your old passwords will be stored (history of password). I have created a new attribute “testsm” in Novell eDirectory.
Create Password Policy
Policies-> Password–> Password Policies
Create new Password policy
In the User Directory Information , select the user Directory where you added the two attributes “Password” and “Password Data“
Then select “Password policy applies to part of the directory and select the container. In my case all my users are under “ou=users” container
Submit the changes
Add the Change Password URL
Edit your login page or main page and add the below URL
http://<domainname>/siteminderagent/forms/smpwservices.fcc?SMAUTHREASON=34&SMAGENTNAME=&TARGET=<target URL >
example
<a href=”http://webone.mysitea.com:82/siteminderagent/forms/smpwservices.fcc?SMAUTHREASON=34&SMAGENTNAME=webone_agent&TARGET=http://webone.mysitea.com:82/finance/index.html”>Change Password</font></a>
Note: SMAUTHREASON 34 for Password Change
Once you click this Change password link you will be redirect to the smpwservices.fcc page
Enter the current user name and old and new password to successfully change the password.
Note: If you have password policy configured in user directory, the Password Policy in the Policy server should be stronger than the password policy in the User Directory.
---------------------------------------------------------------------------------------------------------------------------------------------
Disclaimer: Content posted here worked for me and may not guarantee success, should be used as reference only and please use it cautiously.