PingFederate Server

Proxied authorization

When connecting to PingDirectory or Oracle Directory Server, configure proxied authorization for the service account on the directory server if you intend to enable self-service password reset in any HTML Form Adapter instances that use this datastore.

By configuring proxied authorization for the service account on the directory server, users are not allowed to reset their passwords if their accounts are disabled or if they were not granted permission to change their passwords.

For information on configuring proxied authorization for service accounts, see the following table.

Directory server Reference

PingDirectory

See Working with Proxied Authorization in the PingDirectory Administration Guide.

Oracle Directory Server

Go to Oracle’s .oracle.com/cd/E29127_01/doc.111170/e28974/security-requirements.htm//[Oracle Fusion Middleware Deployment Planning Guide] and search for "Proxy Authorization".

Oracle Unified Directory

Go to Oracle’s online guide https://docs.oracle.com/cd/E52734_01/oud/OUDAG/toc.htm Fusion Middleware Administering Oracle Unified Directory and search for "proxied authorization control" in its glossary.

For general information about proxied authorization, see RFC4370.