Working on OpenAM 420 beta labs and ran into issue with security questions while using Legacy UI in 12.0.1 not reproducible in 12.0.0.
The main problem is that I do not see any security questions for Password Reset Options on the users profile page.
Same config as 12.0.0 Disable XUI to use (legacy) Password Reset features
Navigate to end user profile page > click on Edit link for Password Reset Options > No options displayed.
The error in CoreSystem looks like UMUserPasswordResetOptionsViewBean is being protected.
"WhitelistObjectInputStream.resolveClass:com.sun.identity.console.user.model.UMUserPasswordResetOptionsData was not i n the whitelist of allowed classes"
Security settings have a whitelist that is pre-populated with allowed classes and this is not one of them.
Looks like a new bug on the back of the JATO security fix.
Adding com.sun.identity.console.user.model.UMUserPasswordResetOptionsData to the existing whitelist, resolves the problem.
I can now see and edit the legacy PW Reset options.