Regardless of the credential collection method, you can configure one global password policy that applies to all Access Manager-protected resources (using the Password Policy Validation Module in the authentication scheme).
The relevant URLs for the credential collector and related forms must be specified as outlined in Table 24-3.

Table 24-3 Specifying Credential Collectors and Related Forms for Authentication

In the . . . | For the ECC . . . | For the DCC . . . |
---|---|---|
OAM Agent Registration (DCC Only) | N/A. | Check the box beside Allow Management Operations in the OAM Agent registration page. See Also: "Enabling DCC Credential Operations" |
login, error, and password pages | Pages where the user enters credentials arrive out of the box on the OAM Server and require no additional settings or changes. | Dynamic pages for general login/logout and password policy with the DCC are excluded automatically through the OHS. See WebGate host directories. Perl Scripts for DCC-based Login and Logout: The path name of the Perl executable must be updated in Oracle-provided Perl scripts on the WebGate host. See Also: Table 22-5 |
Password Policy, Password Service URL | The Default/ECC password page is used automatically: Password Service URL for ECC: See Also: "Defining Your Global Password Policy" | Enter the DCC password page: Password Service URL for DCC: See Also: "Locating and Updating DCC Forms for Password Policy" |
User Identity Store | The user data object definition in the Access Manager schema is extended with attributes that enable password user status and password history maintenance. This definition is provided in an LDIF file, and must be added to each user identity store using the | Same for both DCC and ECC: See Also: |
Password Policy Validation Authentication Module | Enter the Default Store as the KEY_IDSTORE_REF for each of the three plug-ins / steps (with an Error redirect on Failure): See Also: | Same for both DCC and ECC: |
Authentication Scheme, Challenge Redirect URL | Enter the Credential Collector host: See Also: "Configuring the PasswordPolicyValidationScheme" | Enter the Credential Collector host: See Also: "Configuring the PasswordPolicyValidationScheme" |
Authentication Scheme, Challenge URL | Enter the Credential Collector login form relative URI: See Also: "Configuring the PasswordPolicyValidationScheme" | Enter the Credential Collector login form relative URI: See Also: "Configuring the PasswordPolicyValidationScheme" |
Authentication Scheme, Challenge Parameters | ECC: User-defined Challenge Parameters: See Also: | DCC: User-defined Challenge Parameters: See Also: |
Server Error Mode | Same for both DCC and ECC. See: "Setting the Error Message Mode for Password Policy Messages" | Same for both DCC and ECC. See: "Setting the Error Message Mode for Password Policy Messages" |
Authentication Policy | Credential collectors in authentication policies: See Also: "Adding Your PasswordPolicyValidationScheme to ECC Authentication Policy" | Credential collectors in Authentication Policies: DCC Separate from Resource Webgate: See Also: "Adding PasswordPolicyValidationScheme to Authentication Policy for DCC" |
Logout Configuration | ECC: In the protecting (Resource) Webgate Agent registration, configure the | DCC: See "Configuring Logout When Using Detached Credential Collector-Enabled WebGate" |