User Self Care provides a method by which users can be provisioned into business-to-consumer environments.
User Self Care accomplishes this provisioning by supplying a set of operations that users can use to create and administer their own accounts. The operations include:
- Creating an account
- Creating and updating attributes associated with the account
- Changing passwords
- Recovering forgotten user IDs and passwords
- Deleting accounts
If you use WebSphere® 6.X, you can still use the Tivoli Federated Identity Manager Security STS client while Tivoli Federated Identity Manager supports WebSphere 6.X. When Tivoli Federated Identity Manager discontinues its support for WebSphere 6.X, use WebSphere Application Server version 7 Update 11 and later. See WS-Trust client API and WS-Trust Clients for details.
With the STS framework, administrators can plug their own token creation and consumption modules in. User Self Care uses the STS framework and the HTTP components of Tivoli Federated Identity Manager, but it is not used for token creation and consumption.
Users access User Self Care operations through an HTTP interface. Users interact with web pages that prompt for input, collect data, and provide feedback. User Self Care provides a small set of URLs that serve as endpoints for accessing operations.
You can customize User Self Care. STS modules plug-ins that are started sequentially in a chain implement business logic. To provide additional capability for each chain, you can replace individual modules or add new ones. You can modify or replace the HTML forms as necessary.
User Self Care uses the clustering, distribution, scaling, and configuration capabilities provided by WebSphere. User Self Care also uses the WebSphere Federated Repositories component for making registry adapters available to the operating environment. Administrators can add or replace registries.
User Self Care also integrates with Tivoli Access Manager WebSEAL. WebSEAL provides authentication and authorization for business-to-consumer transactions.
The figure shows the software pieces that comprise the User Self Care solution.
- WebSphere provides the framework for most of the software pieces.
- The Tivoli Federated
Identity Manager run
time provides two components that support User Self Care:
- User Self Care presentation management
- Provides a set of default pages. Users interact with these pages by requesting User Self Care URLs. The management framework supports customization and replacement of these pages. This support includes the ability to substitute (customize) macros on the pages.
- Secure token service (STS) trust chains
- Supports the building of dynamic chains of plug-in modules for performing business logic. User Self Care support includes a number of STS chains. Each chain maps to a User Self Care operation. You can extend the chains. You can replace or modify the component modules in each chain. Validating user input and sending a confirmation email is an example of a User Self Care chain operation.
- The STS modules use the WebSphere Federated Repository to communicate with the user registry. When the target user registry is Tivoli Access Manager, User Self Care uses the product adapter to communicate to the Tivoli Access Manager registry through the Tivoli Access Manager Registry Direct Java™ API.
User Self Care works with various user registries. Each registry has a unique syntax for performing management operations. The WebSphere Federated Repositories component allows User Self Care to issue a management command, such as user create, using a consistent syntax. The Federated Repositories component then passes the request to the appropriate registry adapter, which translates the command into the registry-specific syntax.
Since WebSphere Federated Repositories provides a plug-in interface for adapters, you can add new registries without modifying the User Self Care.