Customize Error Messages in OpenIDM 4

This topic has 1 reply, 2 voices, and was last updated 6 years, 8 months ago by Jake Feasel.

  • Author
  • #6841


    We have enabled Reset Password functionality in OpenIDM 4.0 and enabled KBA verification as well.

    When a user tries to reset its password, if the number of KBA questions set for him are insufficient, he gets an error message as “Password Reset cannot be done”.
    However in the logs we get the exception as “Insufficient questions”.

    It’s a requirement that we display the complete reason to the user why was password reset unsuccessful, i.e. how can we display the message that is coming in the logs to the user?

     Jake Feasel

    Unfortunately, the particular error you are seeing (minimum number of questions not being defined for the user) is part of an open bug for this:

    A reasonable work-around could be setting a default question and answer (using managed.json onCreate and onUpdate scripts or via provisioning from an external system) for users, so you can be sure they always have one. The trick there would be to come up with a reasonable question for which you can generate an answer that only the user knows. Using a combination of values from the user as well as details from a linked record in another system might be your best bet.

    The other option would be to simply rely upon email verification for password reset until all of your users have set at least one question and answer in their profile.


Viewing 2 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.

©2022 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?