We are running an IDM User Application that services internal employees
as well as external clients and does a very good job in letting us
partition pages etc affording to base DN.

In implementing the new SSPR is here a way to configure the app to have
one set of users (external clients) not be required to set or answer
challenge responses and receive e-mail tokens for changing a forgotten
password but also in the same application, have internal users be
required to set up and answer challenge responses for resetting a
forgotten password? You can set different base DNs or profiles to apply
to some of the modules but forgotten password doesn't seem to have the
capability to provide a different mechanism for a different set of

If this is not possible to do:

1- can you run multiple instances of sspr under the same tomcat
instance? (IE renaming the war file and deploying)
2- Even if you have multiple instances how do you handle the Forgot
Password link on the login form for the Userapp? How would you send
internal users to one sspr instance and external users to another?

Thanks for any insight that can be given.

rreid's Profile: https://forums.netiq.com/member.php?userid=396
View this thread: https://forums.netiq.com/showthread.php?t=53338