Proxied authorization
When connecting to PingDirectory or Oracle Directory Server, configure proxied authorization for the service account on the directory server if you intend to enable self-service password reset in any HTML Form Adapter instances that use this datastore.
By configuring proxied authorization for the service account on the directory server, users are not allowed to reset their passwords if their accounts are disabled or if they were not granted permission to change their passwords.
For information on configuring proxied authorization for service accounts, see the following table.
Directory server | Reference |
---|---|
PingDirectory |
See Working with Proxied Authorization in the PingDirectory Administration Guide. |
Oracle Directory Server |
Go to Oracle’s .oracle.com/cd/E29127_01/doc.111170/e28974/security-requirements.htm//[Oracle Fusion Middleware Deployment Planning Guide] and search for "Proxy Authorization". |
Oracle Unified Directory |
Go to Oracle’s online guide https://docs.oracle.com/cd/E52734_01/oud/OUDAG/toc.htm Fusion Middleware Administering Oracle Unified Directory and search for "proxied authorization control" in its glossary. |
Microsoft Active Directory does not support proxied authorization. See https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/faf0b8c6-8c59-439f-ac62-dc4c078ed715?redirectedfrom=MSDN. |
For general information about proxied authorization, see RFC4370.