Basic Forgotten Password Services Configurations for IIS:
1. Extend User Directory schema to include APS attributes (<siteminder>\APS_Docs directory):
· Run the APSExpire utility [APSExpire JOBONE -v -A] against the user directory after the schema is updated. APSExpire will update all of the users in your directory, initializing the smapsBaseDate and smapsNextAction attributes.
· Ensure that every new user is created with the objectclass that allows access to the new attributes
2. Create FPS virtual directory
· IIS: enable the CGI-exe module in Handler Mappings, then add Forgot.exe (<webagent>\win32\bin\Web\FPS\Forgot.exe) to ISAPI and CGI Restrictions and allow it.
3. Rename smaps.rename4aps.dll to smaps.dll (<siteminder>\bin)
4. Edit APS.cfg:
· The Directory setting specifies the directory that FPS will search for users. Only a single directory is supported for FPS.
· Enable or disable audit logging for FPS activity.
· You can optionally define a different query to be used specifically for APS. It overrides the query of the same name defined in SiteMinder.
5. Edit SmPortal.cfg:
· Define the Policy Server IP address (MyServer.ip)
· Note the Agents defined in this file and create 4.x agents with the same names in the Policy Server.
6. To test forgotten password services, access http://<webserver hostname>/fps/identify.asp
NOTE: Before running the APSExpire utility, update the JOBONE parameter in APS.cfg:
· LDAP – IP address, network name or SiteMinder User Directory name of an LDAP directory defined to SiteMinder through the Policy Interface
· ODBC – DSN name or the SiteMinder User Directory name of an ODBC user directory defined to SiteMinder through the Policy Interface
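
A preflight check for steps 2 and 3, to run before the test in step 6. This is an added example, not part of the original procedure or vendor code; the script parameters, the IIS site name and the virtual directory name "fps" (taken from the test URL) are assumptions.

```powershell
# Added example, not vendor code. Assumptions: install roots and site name are
# supplied by the operator; the virtual directory is named "fps" (from the test URL).
param(
    [Parameter(Mandatory)] [string] $SiteMinderHome,  # the <siteminder> root
    [Parameter(Mandatory)] [string] $WebAgentHome,    # the <webagent> root
    [string] $SiteName = 'Default Web Site'           # assumed IIS site name
)
Import-Module WebAdministration

$apphost   = 'MACHINE/WEBROOT/APPHOST'
$section   = 'system.webServer/security/isapiCgiRestriction'
$forgotExe = Join-Path $WebAgentHome 'win32\bin\Web\FPS\Forgot.exe'
$binDir    = Join-Path $SiteMinderHome 'bin'
$fpsPath   = "IIS:\Sites\$SiteName\fps"
$results   = [System.Collections.Generic.List[object]]::new()

function Add-Check([string] $Step, [bool] $Ok, [string] $Check) {
    $results.Add([pscustomobject]@{ Step = $Step; Ok = $Ok; Check = $Check })
}

# Step 2: virtual directory, Forgot.exe on disk, CGI-exe handler mapping present.
# (Presence only; whether the handler is enabled is still checked in IIS Manager.)
Add-Check '2' (Test-Path $fpsPath) "FPS virtual directory exists under '$SiteName'"
Add-Check '2' (Test-Path -LiteralPath $forgotExe -PathType Leaf) "Forgot.exe found at $forgotExe"
$cgi = @(Get-WebHandler -PSPath $fpsPath -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -eq 'CGI-exe' })
Add-Check '2' ($cgi.Count -gt 0) 'CGI-exe handler mapping is present for /fps'

# Step 2: Forgot.exe must be listed and allowed in ISAPI and CGI Restrictions.
$entry = Get-WebConfiguration -PSPath $apphost -Filter "$section/add" |
    Where-Object {
        [Environment]::ExpandEnvironmentVariables($_.path).Trim('"') -ieq $forgotExe
    } | Select-Object -First 1
Add-Check '2' ([bool]($entry -and $entry.allowed)) 'Forgot.exe is listed and allowed'

# Least privilege: only listed CGIs should run, so the allow entry above is what
# grants execution rather than a server-wide "allow unspecified CGI modules".
$open = (Get-WebConfigurationProperty -PSPath $apphost -Filter $section `
    -Name 'notListedCgisAllowed').Value
Add-Check '2' ($open -eq $false) 'Unlisted CGI executables are not allowed server-wide'

# Step 3: the renamed DLL is in place and the original name is gone.
Add-Check '3' (Test-Path (Join-Path $binDir 'smaps.dll')) 'smaps.dll exists in <siteminder>\bin'
Add-Check '3' (-not (Test-Path (Join-Path $binDir 'smaps.rename4aps.dll'))) 'smaps.rename4aps.dll was renamed'

$results | Format-Table -AutoSize -Wrap
if ($results.Ok -contains $false) { exit 1 }
```

Run it from an elevated PowerShell session on the IIS host; a non-zero exit code means at least one check failed.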