Hi,

Setup:
SSPR 3.3.1.2 on Windows 2012
Protected by NAM 4.1
NAM path-based proxy service for /sspr to port 80 on the SSPR server
3 protected resources:
resource 1 - /sspr/public/* - public resource i.e. no authentication
contract
resource 2 - /sspr/private/* - protected resource by authentication
contract
resource 3 - /sspr/private/admin/* and /sspr/private/config/* -
protected by authentication contract and authorisation policy to ensure
only the sspr-admin group has rights to manage admin components.
The authentication contract is configured to call the CommandServlet
checkexpire during login, but the issue below occurs whether Change
Password is accessed by the CommandServlet call or the user reaches
Change Password via ForgottenPassword.

I am using Change Password and testing the password policy by trying
multiple passwords, to confirm the password checker is correctly
checking that the password conforms with 2008 complexity and is not
accepting passwords which are in the wordlist etc.
When accessing Change Password locally on the SSPR server (i.e. not
using NAM) I can try 50 different passwords without issue.
When accessing Change Password via a NAM protected path-based URL e.g.
https://qa.example.biz/sspr/public/ChangePassword the first few
passwords will be checked successfully, then the system will report a
5015 error like below:

18 March 2016 21:06:55 GMT, ERROR, rest.RestCheckPasswordServer,
{bhl,PST0840} 5015 ERROR_UNKNOWN (unexpected error executing web
service: null) [10.128.193.12] (stacktrace follows)
java.lang.ArrayIndexOutOfBoundsException

18 March 2016 21:06:44 GMT, ERROR, rest.RestCheckPasswordServer,
{bhl,PST0840} 5015 ERROR_UNKNOWN (unexpected error executing web
service: null) [10.128.193.12] (stacktrace follows)
java.lang.ArrayIndexOutOfBoundsException

Do I need whitelist redirects?

Would I be better to not protect SSPR by NAM, or is there additional
configuration I might be missing in NAM or SSPR to make the two work
together?
Thanks
Mark


--
ratclma