FIM R2 - OTP Extranet gate execution logic

    Question

  • Hi,

    We are testing FIM R2 SSPR OTP Email gate in our lab environment. I've configured the OTP Email gate to execute only for "Extranet" requests. So my understanding is that only password reset requests that originate from outside our network will have the OTP security code emailed to them and users on our internal network will not have to go through the OTP security code.

    However, I've noticed that the OTP security code is still emailed to users who attempt the password reset from inside our network. I even tried it from the password reset portal server itself and it still sent out the security code and wanted it to be entered for the password reset. So I'm wondering what exact logic is FIM using to determine that the request is originating from extranet? Am I missing something in my configuration?

    Our FIM setup is: Password Reset & Registration Portal on Server1, FIM portal + FIM Service + FIM Sync on Server2, FIM DB on Server3. And both Server1 & Server2 are on the same subnet.

    Thanks,

    Parm

    Thursday, August 29, 2013 15:45

Answers

  • If your registration and reset portal are configured as internal and you are just NATing them to Internet, then they are still internal as far as FIM is concerned. You have to specify internal vs. external when you do the actual registration and reset portal installation. Therefore, you must have separate installations for internal vs. external.

    Mark


    Mark Creekmore - BlueVault Software http://www.bluevaultsoftware.com

    • Marked as answer by ParmS Thursday, August 29, 2013 16:52
    Thursday, August 29, 2013 16:24

All Replies

  • Thanks for replying Mark. I didn't realize that you cannot have a shared SSPR Portal server for extranet & intranet users if you plan on applying some extra gates to extranet users only.

    If I understand it correctly, the extranet vs intranet determination is based on what you select at the time of SSPR portal installation (portal hosted on IIS site accessed by extranet / only intranet users)? And based on this selection the requests are tagged as originating from extranet/intranet.

    Parm

    Thursday, August 29, 2013 16:46
  • Yes, that's correct.

    Mark


    Mark Creekmore - BlueVault Software http://www.bluevaultsoftware.com

    Thursday, August 29, 2013 16:49
  • Thanks for your help Mark. Time for us to look into setting up another SSPR Portal Server to service intranet users only then.

    Parm
    Thursday, August 29, 2013 16:53