Publishing Forefront Identity Manager (FIM) Self Service Password Reset (SSPR) portal through Web Application Proxy (WAP)

As we know, the FIM SSPR service has two portals:

  1. Password registration portal
  2. Password reset portal.

In this blog post we will see how to publish the SSPR reset portal through WAP.

For details on publishing the FIM Portal and the SSPR registration portal, see the blog posts below.

How to publish FIM Portal through Web Application Proxy.

How to publish FIM SSPR Registration portal through Web Application Proxy.

Publishing FIM Password Reset Portal on WAP

The password reset portal cannot be published using the pre-authentication method on the WAP, because the portal requires anonymous access from end users. It is published as pass-through instead, so publishing the password reset portal through the WAP is pretty simple.

1. Make sure you are able to access your password reset portal from a browser on the WAP server. If you are unable to access it from the WAP server, check your name resolution, firewall settings, or any other settings that prevent the access.

2. Open the ‘Remote Access Management console’ on the WAP server and click the ‘Publish’ option.

3. Click Next and select the ‘Pass-through’ option.

4. Enter the following details on the next window.

  1. Name: Any name to identify this application (e.g. Password Reset Portal)
  2. External URL: The URL you will use to access the password reset portal from the external world or the internet (https://passwordreset.contoso.com)
  3. External Certificate: Since the site is published over SSL, we need to select a certificate for this site. Before beginning this wizard, make sure to obtain and install a certificate that has the external name of your password reset portal.
  4. Backend server URL: The URL you use to access the password reset portal from your intranet (e.g. https://passwordreset.contoso.com)

Click Next, Publish and finish the wizard.

Configure your external firewall to forward traffic destined for the password reset portal to the WAP server's IP address.

Test the access from an external client machine. You should be able to access it.
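
The wizard steps above can also be scripted on the WAP server. The following PowerShell is an added example, not part of the original post: it reuses the post's sample host name and application name, and the certificate lookup (exact DNS-name match in the LocalMachine\My store) is an assumption about where and how the external certificate was installed.

```powershell
# Added example: scripted equivalent of wizard steps 1-4 (run elevated on the WAP server).
# Sample values taken from this post; replace with your own.
$appName     = 'Password Reset Portal'
$externalUrl = 'https://passwordreset.contoso.com/'
$backendUrl  = 'https://passwordreset.contoso.com/'
$hostName    = ([uri]$externalUrl).Host

# Step 1: confirm this server can resolve and reach the backend portal over HTTPS.
$probe = Test-NetConnection -ComputerName ([uri]$backendUrl).Host -Port 443
if (-not $probe.TcpTestSucceeded) {
    throw "Cannot reach $backendUrl from this server; check name resolution and firewall settings."
}

# External certificate: must already be installed, have a private key, be within
# its validity period, and carry the external host name.
# Assumption: exact name match only; a wildcard certificate needs a different filter.
$now  = Get-Date
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object {
        $_.HasPrivateKey -and
        $_.NotBefore -le $now -and $_.NotAfter -gt $now -and
        ($_.DnsNameList.Unicode -contains $hostName)
    } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1
if (-not $cert) {
    throw "No valid certificate with a private key found for $hostName in LocalMachine\My."
}

# Steps 2-4: publish as pass-through, because the reset portal requires anonymous access.
Add-WebApplicationProxyApplication -Name $appName `
    -ExternalPreauthentication PassThrough `
    -ExternalUrl $externalUrl `
    -BackendServerUrl $backendUrl `
    -ExternalCertificateThumbprint $cert.Thumbprint

# Review what was published before opening the external firewall.
Get-WebApplicationProxyApplication -Name $appName |
    Format-List Name, ExternalUrl, BackendServerUrl, ExternalPreauthentication, ExternalCertificateThumbprint
```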

Author:  

ANIL GEORGE 
Microsoft Security Support Engineer

Reviewer:

SURAJ SINGH 
Microsoft Security Support Escalation Engineer