User Session Re-direction to Identity Manager with Multiple Policy Servers.

Document ID : KB000053011
Last Modified Date : 14/02/2018

Description

Account Lockout Re-direct to Identity Manager

Site Minder 6.0 SP5 CR14 & Identity Manager 8.1.
Sample Environment Details:

=======================
Site Minder (A) : Separate Policy Server for Web - Apps
User Store: Common for Site Minder & Identity Manager
  
Identity Manager: Has its own Site Minder (B) Policy Server
User Store: Common for Site Minder & Identity Manager
========================
 

Question:
When a user's password is changed in Identity Manager with the option "Password must change" at next logon, can the user's Site Minder (A) session be redirected to Identity Manager so that the user can type a new password of their choice and then be redirected back to the Site Minder (A) web application that the user was trying to access?

Solution

Provided that Site Minder picks up the user state from the user store correctly, Site Minder will redirect to the URL specified in a Password Policy for that user store.
If no password policy is defined, Site Minder will issue a redirect to the default password services URL, which can be controlled using the NETE_PWSERVICES_REDIRECT environment variable on the policy server. By default, this is a redirect to our .fcc that handles password changes: smpwservices.fcc.

The URL set for the password policy or as the default URL can be the URL to an Identity Manager task.
Site Minder includes the username in the query string. Identity Manager would have to be configured to pick up that value and then send the user through its change password routine.
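
Because the username arrives in a query string that the browser controls, whatever receives the redirect on the Identity Manager side should treat it as an untrusted hint. The following is an added example, not CA's code or part of the original article; the parameter names `USERNAME` and `TARGET`, the host `apps.example.com` and the login-name format are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Assumptions for this sketch (none of these values come from the article):
USER_PARAM = "USERNAME"    # hypothetical name of the username parameter
TARGET_PARAM = "TARGET"    # hypothetical name of the return-URL parameter
ALLOWED_RETURN_HOSTS = {"apps.example.com"}  # constructed Site Minder (A) host
USERNAME_RE = re.compile(r"[A-Za-z0-9._-]{1,64}")  # assumed login-name format


def parse_password_redirect(url):
    """Return (username, return_url) from a redirect URL or raise ValueError.

    The username is only a lookup hint taken from an unauthenticated query
    string; the change-password step must still verify the current password.
    """
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    users = query.get(USER_PARAM, [])
    targets = query.get(TARGET_PARAM, [])
    # Repeated or missing parameters are ambiguous, so reject them outright.
    if len(users) != 1 or len(targets) != 1:
        raise ValueError("expected exactly one username and one target")
    username, target = users[0], targets[0]

    # Strict format check keeps LDAP/SQL filter metacharacters out of the
    # user-store lookup that follows.
    if not USERNAME_RE.fullmatch(username):
        raise ValueError("username has unexpected format")

    # Only send the user back to a known application host over HTTPS.
    parts = urlsplit(target)
    if parts.scheme != "https" or parts.hostname not in ALLOWED_RETURN_HOSTS:
        raise ValueError("return URL is not an allowed application")
    return username, target


if __name__ == "__main__":
    # Constructed sample redirect, not captured from a real deployment.
    sample = ("https://im.example.com/task?USERNAME=jdoe"
              "&TARGET=https%3A%2F%2Fapps.example.com%2Fhr%2F")
    print(parse_password_redirect(sample))
```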