password-callouts stanza

The password-callouts stanza is used to configure the system to make a REST call before and after password update operations (/pkmspasswd) take place. This, for example, allows external services to perform password strength validation.

• authentication-endpoint
  Use the authentication endpoint to specify an endpoint called to obtain an access token which can then be used in the subsequent password update callouts.
• client-id
  Use this entry to specify the client identifier used when authenticating to the callout services.
• client-secret
  Use this entry to specify the client password used when we are authenticating to the callout services
• search-endpoint
  Use this entry to specify the endpoint called to map the IBM Security Verify Access user identity into an identity which is known to the callout service.
• search-filter
  Use this entry to specify the filter used when mapping the Verify Access user identity into an identity which is known to the callout services.
• pre-update-endpoint
  Use this entry to specify the endpoint to be called to perform any password pre-update processing.
• pre-update-user-prefix
  Use this entry to specify the prefix used when we are building the user identity to be included in the password pre-update callout.
• post-update-endpoint
  Use this entry to specify the endpoint to be called to perform any password post-update processing.
• proxy
  Use this stanza entry to define the proxy, if any, to reach the various endpoints.
• static-header
  Use this stanza entry to define any static headers which should be added to the callout requests.

Parent topic: Stanza reference