Tagged: security questions in OpenAM
August 1, 2016 at 12:42 pm #12339greglukParticipant
1. How can I read the security questions that have been set up in OpenAM using REST ?
I want to issue a rest call to openam and get back a list of security questions that have been set up.
2. Also how can I retrieve the security questions that a specific user has answered and update their answers, should a use wish to update their security questions and answers. Again using a rest command
ThanksAugust 1, 2016 at 3:09 pm #12342
Well, there is not a straightforward way to do that (AFAIK).
The security questions are stored in the config-store as a localization bundle key and the corresponding values in a properties file. Of course, if you don
t have requirement for multiples languages, you can store the questions itself without using bundle key. I dont know if is possible to manage configurations using REST API but it is using Client SDK.
For user’s secret questions you can use the Read Identity REST endpoint. Answered questions are store in the “iplanet-am-user-password-reset-question-answer” attribute in the user account as a multi-valued attribute. An issue here is that values are stored encrypted and a question/answer pai separated by “,” and the only way to decrypt I know is using Client SDK.
So.. you will need to “hacking” a bit to get that.
RogerioAugust 3, 2016 at 4:04 pm #12409Peter MajorModerator
@rarondini not sure if the question was about the legacy password reset questions, could have been about KBA in 13+.August 3, 2016 at 4:25 pm #12412August 3, 2016 at 5:42 pm #12417greglukParticipant
I was referring to the KBA in OpenAM 13
How would we read what KBQ questions a user has chosen and allow the user to update their answers. I’m not sure how you update the KBA’s via a REST call
August 3, 2016 at 5:58 pm #12419
- This reply was modified 6 years, 1 month ago by gregluk.
So… I don`t have so much experience with KBA yet, but I believe would be in a similar way of legacy pwreset. Just need to know what attribute is used to store answered KBA questions.
Looking the documentation I can`t found a specif REST endpoint to do this.August 3, 2016 at 6:37 pm #12421
User attribute “kbaInfo” hold the question/answers of the user as a JSON object as
“<type of question>”: “<question>”,
}April 3, 2017 at 6:54 pm #16681zecaidamParticipant
I need to modify the attribute “kbainfo”
Anyone know if it is possible to change the encrypted answer format?
You must be logged in to reply to this topic.