Anonymous_User Absent Member.
Absent Member.
482 views

CLE: "Force user for challenge response enrollment"


Is the Client Login Extension (CLE) option to "Force user for challenge
response enrollment" (their extra 'l', not mine! 😉 dependent on any
specific versions/configuration?

I am trying to force enrolment from a Win7SP1Pro client with
CLE_3.8_HF1_3 to an SSPR v3.2.0.1 configured against an eDirectory
identity vault. The machine authenticates against AD and passively
against the production eDirectory, which both synchronised via the
identity vault.

I have performed "Configuring SSPR for the Client Login Extension
Integration
Launch SSPR, in the Configuration Editor page, click Settings >
Integration/Developer > Enable External
Web Services."

On my test machine I can get the pre login Forgotten Password to work
for an 'enrolled user', etc. However when a 'non enrolled user' logs in
there is no sign of a forced enrolment.... I was expecting the
enrolment web page to pop up...

Cheers
David


--
djbrightman
------------------------------------------------------------------------
djbrightman's Profile: https://forums.netiq.com/member.php?userid=1524
View this thread: https://forums.netiq.com/showthread.php?t=52396

0 Likes
2 Replies
Anonymous_User Absent Member.
Absent Member.

Re: CLE: "Force user for challenge response enrollment"

Off-topic: http://grammarist.com/spelling/enrol-enroll/

Ironic the use of 'enrolled' by you later in the thread... 😉

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: CLE: "Force user for challenge response enrollment"


So, thinking a bit more about this...
It is probably because CLE is looking for one of the PWM attributes on
login/auth and that the user isn't actually logging into the identity
vault....
So, I guess we need to either move SSPR to run against either the
production eDirectory or AD OR we could just extend schema is one of
those two use IDM to sync the required pwm attribute through...

Does this sound about right? If so, does anyone know which pwm
attribute CLE might be checking against?

Cheers
David


--
djbrightman
------------------------------------------------------------------------
djbrightman's Profile: https://forums.netiq.com/member.php?userid=1524
View this thread: https://forums.netiq.com/showthread.php?t=52396

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.