By: Ezequiel Sandoval user 23 Jun 2016 at 12:48 p.m. CDT

1 Response
Hello Community! We are working with a customer who wants to have certain functionalities separately from the Gluu server box (and not accessible for final users):

- Reset credentials (change password)
- forgot my password
- user self-registration (social-network method and classic forms method)
- user attributes edition

Now, we have some questions about 'what can be the best approach' to resolve these bullets.

Would a 'custom self-service module' calling Gluu's SCIM endpoint be a good approach? In my understanding SCIM should be used for administrative tasks, not for final users.

If we develop this custom tool, are we going to lose functionality from the Gluu server like 'User registration' scripting?

Any help, comment or better solution/approach to solve this problem would be appreciated.

By Michael Schwartz Account Admin 23 Jun 2016 at 1:15 p.m. CDT

1) For "Password Reset", I think your design should anticipate multiple types of authentication... For Credential Management, we are working on a web application for this that handles U2F credential management. [Cred Manager](https://github.com/GluuFederation/cred-mgr) is an application we're working on... you can see the [balsamiq mockup](https://github.com/GluuFederation/cred-mgr/blob/master/doc/mockup/cred_mgt.png). This is not done, and is waiting on some updates for oxAuth to send the "Authentication Level" as an 'amr' value, and to publish a mapping of amr:acr in the OpenID Connect discovery endpoint.

2) In terms of user management, if you want to write your IDM... I think you're right about calling the SCIM endpoints. Remember, you can use LDAP too!

3) There is an open source IDM tool called [Evolveum Midpoint](https://evolveum.com/midpoint/) which has most of these features + governance functionality. There are also commercial solutions like [Sailpoint](http://sailpoint.com).
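
Added example, not part of the thread and not Gluu code: a sketch of the check a custom self-service module needs when it fronts an administrative SCIM endpoint for end users, namely ownership and an attribute allowlist enforced before a SCIM 2.0 (RFC 7644) PatchOp body is built. The function name, the allowlist and the sample ids are assumptions, and nothing is sent over the network.

```python
# Added example: constructed names throughout; no Gluu API is called.
import json

# Assumption: attributes an end user may edit on their own record.
SELF_EDITABLE = {"displayName", "nickName", "preferredLanguage", "locale", "timezone"}
PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"


class SelfServiceDenied(Exception):
    """Raised when a request exceeds what an end user may change."""


def build_self_service_patch(session_user_id, target_user_id, changes):
    """Return (path, body) for a SCIM 2.0 PATCH, or raise SelfServiceDenied.

    session_user_id: SCIM id bound to the authenticated session (server side).
    target_user_id:  id the client asked to modify.
    changes:         dict of attribute name -> new value from the form.
    """
    # The module holds admin-level SCIM access, so it must enforce ownership.
    if session_user_id != target_user_id:
        raise SelfServiceDenied("users may only edit their own record")
    if not changes:
        raise SelfServiceDenied("no changes supplied")
    blocked = sorted(set(changes) - SELF_EDITABLE)
    if blocked:
        raise SelfServiceDenied("attributes not self-editable: " + ", ".join(blocked))
    for name, value in changes.items():
        if not isinstance(value, str) or not value.strip() or len(value) > 256:
            raise SelfServiceDenied("invalid value for " + name)
    body = {
        "schemas": [PATCH_SCHEMA],
        "Operations": [
            {"op": "replace", "path": name, "value": value.strip()}
            for name, value in sorted(changes.items())
        ],
    }
    return "/Users/" + session_user_id, body


if __name__ == "__main__":
    # Constructed sample input.
    path, body = build_self_service_patch("u-1001", "u-1001", {"displayName": "Ana R."})
    print("PATCH", path)
    print(json.dumps(body, indent=2))
    try:
        build_self_service_patch("u-1001", "u-1001", {"active": "true", "groups": "admins"})
    except SelfServiceDenied as exc:
        print("denied:", exc)
```

The returned path is relative to whatever SCIM base URL the deployment exposes, which this sketch does not assume.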