  1. OpenAM
  2. OPENAM-14206

Failure on Password Recovery Question results in Invalid Code

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Won't Fix
    • Affects Version/s: 6.0.0.6
    • Fix Version/s: None
    • Component/s: self-service
    • Environment:
      AM 6.0.0.6

      Description

      Bug description

      Due to changes to password recovery in OPENAM-8349, the token is only allowed for one use. This change complicates the flow for handling a failed attempt to answer a security question.

      How to reproduce the issue

      1. Configure Self Service for Password Recovery
        https://backstage.forgerock.com/docs/am/6/user-self-service-guide/#configuring-forgotten-password
      2. Try to recover the password, but fail the security question.
      3. Use the back button to attempt the security questions again. This will fail with the following screen (attached).

      Expected behaviour

      In previous versions the code would stay valid and the user could get a new security question.

      Current behaviour

      The code is invalidated, and the user then needs to generate a new recovery email. There is no option on the failed page to get a new question or handle that use case.

      Work around

      Get a new recovery Email/code and try again. 
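
The two behaviours described in this report, modelled as an added example (not OpenAM code and not from the reporter): a recovery code consumed on first presentation versus one that stays live until the reset completes. `RecoveryCodes`, `answer_question` and `replay` are hypothetical names, and the user and answer strings are constructed.

```python
import hmac
import secrets


class RecoveryCodes:
    """Toy store for e-mailed recovery codes (hypothetical, not OpenAM code)."""

    def __init__(self, single_use):
        # True models the behaviour reported here for 6.0.0.6,
        # False models the earlier behaviour the report expected.
        self.single_use = single_use
        self._live = {}  # code -> user name

    def issue(self, user):
        code = secrets.token_urlsafe(16)
        self._live[code] = user
        return code

    def redeem(self, code):
        """Return the user for a live code, or None if the code is invalid."""
        if self.single_use:
            return self._live.pop(code, None)  # consumed when first presented
        return self._live.get(code)            # stays live until reset completes

    def complete(self, code):
        self._live.pop(code, None)


def answer_question(store, code, answer, expected):
    """One submission of the security-question step."""
    if store.redeem(code) is None:
        return "invalid code"
    if not hmac.compare_digest(answer.encode(), expected.encode()):
        return "wrong answer"
    store.complete(code)
    return "reset allowed"


def replay(single_use, answers, expected="constructed-answer"):
    """Submit each answer in turn against one issued code."""
    store = RecoveryCodes(single_use)
    code = store.issue("demo-user")  # constructed sample user
    return [answer_question(store, code, a, expected) for a in answers]


if __name__ == "__main__":
    tries = ["guess-1", "constructed-answer"]
    print("single use:", replay(True, tries))   # second try hits an invalid code
    print("reusable:  ", replay(False, tries))  # second try succeeds
    print("guessing:  ", replay(False, ["a", "b", "c"]))  # no cap on wrong answers
```

In this model the reusable code places no limit on wrong answers, which is the trade-off a single-use code removes.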

       


            People

            • Assignee:
              Unassigned
              Reporter:
              william.hepler William Hepler