SPEUserPages Configuration Object
The following table lists the major attributes in the SPEUserPages configuration
object. Edit this object to change when to send notification emails, how to
handle password resets, or integrate the user pages with Access Manager or
similar product.
Attribute
|
Description
|
enrollment
|
Controls enrollment options. This attribute contains the following subattributes:
-
validation.enabled— If true,
the validation page is displayed and the user must verify his relationship
with the provider. The default is true.
-
privacypolicy— If true,
the user must accept the privacy policy before completing the registration.
The default is true.
|
lookup-attributes
|
A list of attributes that are used to retrieve a user’s ID or
password. By default, the user’s homephone and email attributes are used, but any attribute defined as an Identity
System User Attribute in the schema map for the resource may be used.
This attribute contains the following subattributes:
-
name— The name of the attribute to
use to look up the user.
-
title— The message key of the title
to display for the lookup user form.
-
required— A boolean indicating whether
the attribute is required in the lookup user form.
|
notification
|
Indicates when an e-mail notification should be sent to the user. This
attribute contains the following subattributes. The possible values for these
subattributes are true and false.
The notification values are
-
emailchange
-
lockout
-
passwordchange
-
questionchange
-
recovery
-
registration
-
useridchange
|
password
|
Specifies how password resets should be handled. This attribute contains
the password-reset subattribute, which must be set to one
of the following values:.
-
self— The user can reset his or her
password if all the challenge questions have been answered correctly
-
notification— The user is sent a
temporary password to the notification address if all the challenge questions
have been answered correctly.
|
sso-assume-authenticated
|
If set to true, the AuthFilter will not redirect
to a login page. However, for auditing purposes, the filter requires a user
name to associate with each request. Normally, this username is stored on
the HTTP session by the login pages. However, since the login pages are not
used in an SSO environment, the username is pulled from an HTTP header attribute.
|
sso-user-name-http-header-attr
|
Specifies the name of the HTTP header attribute to use.
|
The following table lists the default values of the notification attribute
and its corresponding email template. The email templates can be edited from
the Waveset Administration Interface, but the preferred method of
changing the subject and body of the email is to modify the messages in the
IDMXMessages.properties file to the desired text.
Notification Value
|
Email Template
|
emailchange
|
Service Provider End-User Change Notifications
Service Provider End-User Change Notifications Old Address
|
lockout
|
Service Provider End-User Profile Locked
|
passwordchange
|
Service Provider End-User Change Password
|
passwordreset
|
Service Provider End-User Password Reset
|
questionchange
|
Service Provider End-User Authentication Answers Updated
|
recovery
|
Service Provider End-User Username Recovery
|
registration
|
Service Provider End-User Registration Template
|
useridchange
|
Service Provider End-User Change User Id
|
Note – For the emailchange option, notification is sent to both the new
and old e-mail addresses.