So I set up SSPR QA-gate and with a different set SMS-OTP. Using a custom attribute I let users decide in which set they are transitioned. So far so good!
When registering on the SMS OTP I get the following permission error:
The error page was displayed to the user.
Title: Unauthorized User
Message: You are not authorized to register for password reset. Please contact your help desk or system administrator. (Error 3004)
Details: Microsoft.IdentityManagement.CredentialManagement.Portal.Exceptions.NotAuthorizedException: Expected authentication.
at Microsoft.IdentityManagement.CredentialManagement.Portal.Common.RegistrationProxy.GetNextChallenge(String domain, String username, ChallengeContext gateChallengeResponse, FaultExceptionHandlerDelegate faultExceptionHandler)
at System.Web.UI.WebControls.Button.OnClick(EventArgs e)
at System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument)
at System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument)
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
CaughtTime: 01/25/2013 14:56:00
Web Portal: FIM Password Registration Portal
Session Id: 5vjeeh55ittajs2zu04p33ib
IP Address: 10.0.176.211
I noticed that Administrators COULD register, so I added a MPR which gives users from the SMS Set permission to READ All Attributes from All Objects.
With this MPR enabled I can register normal users for registration. But this is not safe, I don't want the users to read other objects.
So my question states: What attribute is needed/red while registering for SMS OTP?
- Edited by Vvouterr Friday, January 25, 2013 2:05 PM
You mean this guide? (http://technet.microsoft.com/en-us/library/hh824692(v=ws.10).aspx)
Because Microsoft's deployment guides go from the assumption that you are adding SMS OTP to the existing workflows, MPR's & sets. I'm starting from zero, and they are not made for that. That's why I asked here :)
Close but not quite... I mean the really big guide to deploying FIM Password Reset: http://www.microsoft.com/en-us/download/details.aspx?id=29959
This guide describes exactly how to configure new Password Authorization Workflows for different sets of users, how to hook up the MPRs, etc. It is a much superior reference compared to any of the webpage SSPR guidance.