SSPR supports basic authentication. If an HTTP Authorization header is present, SSPR uses the credentials in the header to authenticate the user.
Some parts of SSPR, such as the forgotten password modules and new user registration, must be publicly accessible. To support this, mark each URL as public or restricted in your proxy or gateway configuration.
For example, assume that SSPR is set up so that the user enters the following URL for access:
http://password.example.com/sspr
You can configure the URL to be public or restricted as follows:
Table 5-1 Adding Protected URLs to SSPR
| URL | Mode |
|---|---|
| password.example.com/* | Public |
| password.example.com/sspr/private/* | Restricted |
| password.example.com/sspr/admin/* | Restricted |
| password.example.com/sspr/config/* | Restricted |
If your access gateway supports it, configure the gateway to redirect to SSPR when the password expires:
http://password.example.com/sspr/private/ChangePassword?passwordExpired=true
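
The public rule in Table 5-1 overlaps the three restricted rules, so the result depends on the gateway applying the most specific match to a normalized path. The following added example (not SSPR or gateway code) is a Python check of that logic you can run against URLs you expect to be restricted; the function names, the deny-by-default fallback, and the treatment of `/sspr/admin` without a trailing slash as restricted are assumptions, so compare the results with what your gateway actually does.

```python
import posixpath
from urllib.parse import unquote, urlsplit

# Rules from Table 5-1, written as (host, path prefix, mode).
RULES = [
    ("password.example.com", "/", "Public"),
    ("password.example.com", "/sspr/private/", "Restricted"),
    ("password.example.com", "/sspr/admin/", "Restricted"),
    ("password.example.com", "/sspr/config/", "Restricted"),
]


def normalize_path(raw_path):
    """Decode percent-escapes and collapse '.', '..' and repeated slashes."""
    path = unquote(raw_path) or "/"
    trailing = path.endswith("/")
    path = posixpath.normpath(path)
    if path.startswith("//"):          # normpath keeps exactly two leading slashes
        path = "/" + path.lstrip("/")
    if trailing and path != "/":       # normpath drops the trailing slash
        path += "/"
    return path


def classify(url):
    """Return the mode of the longest matching rule for this URL."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    path = normalize_path(parts.path)
    best = None
    for rule_host, prefix, mode in RULES:
        if host != rule_host:
            continue
        # Assumption: the directory itself (no trailing slash) is covered too.
        if path.startswith(prefix) or path == prefix.rstrip("/"):
            if best is None or len(prefix) > len(best[0]):
                best = (prefix, mode)
    # Assumption: hosts with no rule at all are denied by default.
    return best[1] if best else "Restricted"


if __name__ == "__main__":
    # Constructed sample URLs based on the examples in this section.
    for u in ("http://password.example.com/sspr",
              "http://password.example.com/sspr/private/ChangePassword?passwordExpired=true",
              "http://password.example.com/sspr/public/../admin/"):
        print(classify(u), u)
```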