Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-8977

Force the user to set the security questions

    Details

    • Type: New Feature
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 13.0.0, 13.5.0, 14.0.0
    • Fix Version/s: None
    • Component/s: self-service
    • Labels:
    • Target Version/s:
    • Support Ticket IDs:

      Description

      If you setup the option "Minimum Answers to Verify", the user can't use the forgotten password if no question is configured. In order to prevent this bad situation, OpenAM should force the user to complete the security questions earlier.

      This could be done after the authentication, by forcing the user to complete the security questions before having the SSO token.

      Workaround:

      You should be able to implement a custom authentication module that verifies the security questions configured:

      • if the security questions are configured => module succeed
      • if the minimum of security questions is not configured => print a view to setup the questions.

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              quentin.castel Quentin CASTEL [X] (Inactive)
            • Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated: