SSPR SMS OTP Registration 3004 Error
-
Friday, January 25, 2013 2:03 PM
Hi guys,
So I set up SSPR QA-gate and with a different set SMS-OTP. Using a custom attribute I let users decide in which set they are transitioned. So far so good!
When registering on the SMS OTP I get the following permission error:
The error page was displayed to the user.
Details:
Title: Unauthorized User
Message: You are not authorized to register for password reset. Please contact your help desk or system administrator. (Error 3004)
Source:
Attributes:
Details: Microsoft.IdentityManagement.CredentialManagement.Portal.Exceptions.NotAuthorizedException: Expected authentication.
at Microsoft.IdentityManagement.CredentialManagement.Portal.Common.RegistrationProxy.GetNextChallenge(String domain, String username, ChallengeContext gateChallengeResponse, FaultExceptionHandlerDelegate faultExceptionHandler)
at Microsoft.IdentityManagement.CredentialManagement.Portal.Components.RegistrationDriver.InitiateRegistration()
at Microsoft.IdentityManagement.CredentialManagement.Portal.Registration.Next()
at System.Web.UI.WebControls.Button.OnClick(EventArgs e)
at System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument)
at System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument)
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
CorrelationId:
RequestId:
ErrorCode: 3004
CaughtTime: 01/25/2013 14:56:00
Web Portal: FIM Password Registration Portal
Session Id: 5vjeeh55ittajs2zu04p33ib
IP Address: 10.0.176.211
----------------------------------
I noticed that Administrators COULD register, so I added an MPR which gives users from the SMS Set permission to READ All Attributes from All Objects.
With this MPR enabled I can register normal users for registration. But this is not safe; I don't want the users to read other objects.
So my question states: What attribute is needed/read while registering for SMS OTP?
Thanx!
All Replies
-
Friday, January 25, 2013 5:28 PM
The FIM SSPR Deployment Guide describes exactly which MPRs and attributes to configure for custom SSPR workflows. I've followed the instructions and they work well, but are a little long for reposting here.
Steve Kradel, Zetetic LLC SMS OTP for FIM | Salesforce MA for FIM
-
Thursday, January 31, 2013 9:26 AM
You mean this guide? (http://technet.microsoft.com/en-us/library/hh824692(v=ws.10).aspx)
Because Microsoft's deployment guides go from the assumption that you are adding SMS OTP to the existing workflows, MPRs & sets. I'm starting from zero, and they are not made for that. That's why I asked here :)
-
Thursday, January 31, 2013 9:55 PM
http://technet.microsoft.com/en-us/library/hh826057(v=ws.10)
That's what you are looking for :)
Regards, Furqan Asghar
-
Thursday, January 31, 2013 10:06 PM
Close but not quite... I mean the really big guide to deploying FIM Password Reset: http://www.microsoft.com/en-us/download/details.aspx?id=29959
This guide describes exactly how to configure new Password Authorization Workflows for different sets of users, how to hook up the MPRs, etc. It is a much superior reference compared to any of the webpage SSPR guidance.
Steve Kradel, Zetetic LLC SMS OTP for FIM | Salesforce MA for FIM

