January 14, 2016 at 1:31 pm #6841 sr Participant
We have enabled Reset Password functionality in OpenIDM 4.0 and enabled KBA verification as well.
When a user tries to reset his password, if the number of KBA questions set for him is insufficient, he gets an error message as “Password Reset cannot be done”.
However, in the logs we get the exception as “Insufficient questions”.
It’s a requirement that we display to the user the complete reason why the password reset was unsuccessful, i.e. how can we display the message that is coming in the logs to the user?
January 15, 2016 at 5:14 pm #6874 Jake Feasel Moderator
Unfortunately, the particular error you are seeing (minimum number of questions not being defined for the user) is part of an open bug for this: https://bugster.forgerock.org/jira/browse/OPENIDM-4908
A reasonable work-around could be setting a default question and answer (using managed.json onCreate and onUpdate scripts or via provisioning from an external system) for users, so you can be sure they always have one. The trick there would be to come up with a reasonable question for which you can generate an answer that only the user knows. Using a combination of values from the user as well as details from a linked record in another system might be your best bet.
The other option would be to simply rely upon email verification for password reset until all of your users have set at least one question and answer in their profile.