pjagadesh Absent Member.
Absent Member.
1453 views

SSPR 4.1 Query and possiblities

Hi,

We have a plan of implementing NetIQ SSPR for one of our client. And we some of the requirements as below.

1. The response values should be stored in eDirectory
2. And password reset should happen in AD.

Is there any way to accomplish the above scenario. Could anyone point me to the right place to get this completed.

Thanks in advance
0 Likes
9 Replies
Knowledge Partner
Knowledge Partner

Re: SSPR 4.1 Query and possiblities

I do not believe that is possible. You can have SSPR store
challenge/response information outside of the directory for which it is
configured, but it is only configured for one directory. Having two
authoritative directories for authentication information is a bit weird;
care to explain the business case behind that?

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...
0 Likes
pjagadesh Absent Member.
Absent Member.

Re: SSPR 4.1 Query and possiblities


Thanks for the confirmation.

Earlier same was proposed to client. Somehow there are ready to sync the
password from eDir to AD.

As i am new to be working in SSPR, i need to implement OTP configuration
for Forgot password module.

For this we need a Advance authentication framework?

Could anyone point me to the right place to complete this.
Even an approach would be appreciated.

Thanks in advance


--
pjagadesh
------------------------------------------------------------------------
pjagadesh's Profile: https://forums.netiq.com/member.php?userid=6315
View this thread: https://forums.netiq.com/showthread.php?t=57561

0 Likes
Knowledge Partner
Knowledge Partner

Re: SSPR 4.1 Query and possiblities

I don't think that is possible.

Your opinion as I see it is
1. Store the answers in an external database and do the password reset in ad.

2. Store the answers and do the password reset in Ad.

3. Store the answers and do the password reset in eDir, then synchronize the password to ad with idm if you have it.
0 Likes
pjagadesh Absent Member.
Absent Member.

Re: SSPR 4.1 Query and possiblities


joakim_ganse;275943 Wrote:
> I don't think that is possible.
>
> Your opinion as I see it is
> 1. Store the answers in an external database and do the password reset
> in ad.
>
> 2. Store the answers and do the password reset in Ad.
>
> 3. Store the answers and do the password reset in eDir, then
> synchronize
> the password to ad with idm if you have it.
>
>
> --
> joakim_ganse
> ------------------------------------------------------------------------
> joakim_ganse's Profile:
> https://forums.novell.com/member.php?userid=6236
> View this thread: https://forums.novell.com/showthread.php?t=502895


Thanks for the confirmation.

Earlier same was proposed to client. Somehow there are ready to sync the
password from eDir to AD.

As i am new to be working in SSPR, i need to implement OTP configuration
for Forgot password module.

For this we need a Advance authentication framework?

Could anyone point me to the right place to complete this.
Even an approach would be appreciated.

Thanks in advance


--
pjagadesh
------------------------------------------------------------------------
pjagadesh's Profile: https://forums.netiq.com/member.php?userid=6315
View this thread: https://forums.netiq.com/showthread.php?t=57561

0 Likes
Knowledge Partner
Knowledge Partner

Re: SSPR 4.1 Query and possiblities

Advanced authentication in not required for sspr or synchronization of passwords between ad and edirectory.

To synchronize the password you use idm, standard edition is enough.

Set up idm to synchronize users with their passwords.

Then you can set up sspr and follow the documentation and wizard to set it up for edirectory.
0 Likes
Knowledge Partner
Knowledge Partner

Re: SSPR 4.1 Query and possiblities

0 Likes
pjagadesh Absent Member.
Absent Member.

Re: SSPR 4.1 Query and possiblities

joakim_ganse;2453633 wrote:
Documentation is here:
https://www.netiq.com/documentation/self-service-password-reset-41/sspr-install/data/bookinfo.html


For configuring OTP, we need Advanced Authentication Framework?
0 Likes
Knowledge Partner
Knowledge Partner

Re: SSPR 4.1 Query and possiblities

No need for advanced authentication for otp.
SSPR can use Google authenticator for otp or sms directly.

You have other options with advanced authentication and you might want it. It is a great product. So it depends on your requirements.

I would set up an sspr in test first to see what it can do alone before telling what is needed /required /wanted.
0 Likes
Knowledge Partner
Knowledge Partner

Re: SSPR 4.1 Query and possiblities

On 3/28/2017 8:56 AM, pjagadesh wrote:
>
> joakim_ganse;2453633 Wrote:
>> Documentation is here:
>> https://www.netiq.com/documentation/self-service-password-reset-41/sspr-install/data/bookinfo.html

>
> For configuring OTP, we need Advanced Authentication Framework?


It depends. SSPR has an OTP method that emails or sends via SMS a one
time password. Of course, you need an SMS gateway, or SMTP server.

Advanced Auth offers many more options beyond these two simple ones.

Amusingly confguring SMS happens in 3 or 4 different places, whch all
make sense once you have done it successfully, but take a bit to track
down all the places.


0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.