Getting Started With Basic FPS Configurations on IIS

Document ID : KB000030668
Last Modified Date : 14/02/2018

Basic Forgotten Password Services Configurations for IIS:

1. Extend User Directory schema to include APS attributes (<siteminder>\APS_Docs directory):

·         Run the APSExpire utility [APSExpire JOBONE -v -A] against the user directory after the schema is updated. APSExpire updates every user in the directory, initializing the smapsBaseDate and smapsNextAction attributes.

·         Ensure that every new user is created with the objectclass that allows access to the new attributes.

2. Create FPS virtual directory

·         In IIS, enable the CGI-exe module under Handler Mappings, then add Forgot.exe (<webagent>\win32\bin\Web\FPS\Forgot.exe) to ISAPI and CGI Restrictions and allow it.
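
A scripted form of the IIS settings in step 2, as an added example (not vendor code). The site name, the Forgot.exe path standing in for <webagent>, and an already created fps virtual directory are assumptions. It also checks that only the listed executable is allowed to run as CGI.

```powershell
# Added example, not vendor code. Run in an elevated PowerShell session.
Import-Module WebAdministration

$SiteName  = 'Default Web Site'   # assumption: IIS site that hosts the fps virtual directory
$VDir      = 'fps'                # name taken from the test URL /fps/identify.asp
$ForgotExe = 'C:\webagent\win32\bin\Web\FPS\Forgot.exe'   # placeholder for <webagent>\...
$AppHost   = 'MACHINE/WEBROOT/APPHOST'
$Section   = 'system.webServer/security/isapiCgiRestriction'
$EntryXp   = "$Section/add[@path='$ForgotExe']"

if (-not (Test-Path -LiteralPath $ForgotExe)) { throw "Forgot.exe not found: $ForgotExe" }

# The CGI-exe handler mapping exists only when the IIS CGI feature is installed.
if (-not (Get-WebHandler -PSPath "IIS:\Sites\$SiteName\$VDir" -Name 'CGI-exe')) {
    throw 'CGI-exe handler missing: install the IIS CGI feature first.'
}

# CGI-exe stays disabled without the Execute permission; grant it on fps only,
# not on the whole site.
Set-WebConfigurationProperty -PSPath $AppHost -Location "$SiteName/$VDir" `
    -Filter 'system.webServer/handlers' -Name 'accessPolicy' -Value 'Read,Script,Execute'

# Add one restriction entry for the full path of Forgot.exe, or allow an existing one.
$entry = Get-WebConfiguration -PSPath $AppHost -Filter $EntryXp
if (-not $entry) {
    Add-WebConfiguration -PSPath $AppHost -Filter $Section -Value @{
        path = $ForgotExe; allowed = 'True'; description = 'SiteMinder FPS Forgot.exe'
    }
} elseif (-not $entry.allowed) {
    Set-WebConfigurationProperty -PSPath $AppHost -Filter $EntryXp -Name 'allowed' -Value 'True'
}

# Check: unlisted binaries must stay blocked, otherwise the Forgot.exe entry
# is not what limits which executables IIS will run.
foreach ($name in 'notListedCgisAllowed', 'notListedIsapisAllowed') {
    $value = (Get-WebConfigurationProperty -PSPath $AppHost -Filter $Section -Name $name).Value
    if ($value) { Write-Warning "$name is true: any CGI/ISAPI binary may run, not only Forgot.exe" }
}
```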

3. Rename smaps.rename4aps.dll to smaps.dll (<siteminder>\bin)

4. Edit APS.cfg:

·   The Directory setting specifies the directory that FPS will search for users. Only a single directory is supported for FPS.

·   Enable or disable audit logging for FPS activity.

·   You can optionally define a different query to be used specifically for APS. It overrides the query of the same name defined in SiteMinder.

5. Edit SmPortal.cfg:

·   Define the Policy Server IP address (MyServer.ip)

·   Note the Agents defined in this file and create 4.x agents with the same names in the Policy Server

6. To test forgotten password services, access http://<webserver hostname>/fps/identify.asp

NOTE: Before running the APSExpire utility, update the JOBONE parameter in APS.cfg:

·   LDAP - IP address, network name or SiteMinder User Directory name of an LDAP directory defined to SiteMinder through the Policy Interface

·   ODBC - DSN name or the SiteMinder User Directory name of an ODBC user directory defined to SiteMinder through the Policy Interface