Uploaded image for project: 'OpenIDM'
  1. OpenIDM
  2. OPENIDM-8837

Deleting all KBA questions through the UI prevents user registration w/o visible Error Message



      After deleting all KBA questions via the UI, it's still possible to enable User Registration with KBA.

      even with

      minimumAnswersToDefine = 2
      minimumAnswersToVerify =1

      That's conceivably OK if there were a requirement to add questions during user self-registration. But there isn't.

      And the result, when trying user self-registration, I get a 500 error, only in the console (with an "internal server error" message for end user consumers, shown in the screenshot)

      So when I try to self-register as a new user, I see the following in the console:

       org.forgerock.selfservice.core.AnonymousProcessService logAndAdaptException
      SEVERE: Exception intercepted
      java.lang.IllegalArgumentException: KBA questions are not defined
      	at org.forgerock.util.Reject.ifTrue(Reject.java:269)
      	at org.forgerock.selfservice.stages.kba.SecurityAnswerDefinitionStage.gatherInitialRequirements(SecurityAnswerDefinitionStage.java:60)
      	at org.forgerock.openidm.selfservice.stage.AllInOneRegistrationStage.getSecurityAnswerDefinitionRequirements(AllInOneRegistrationStage.java:165)
      	at org.forgerock.openidm.selfservice.stage.AllInOneRegistrationStage.gatherInitialRequirements(AllInOneRegistrationStage.java:103)
      	at org.forgerock.openidm.selfservice.stage.AllInOneRegistrationStage.gatherInitialRequirements(AllInOneRegistrationStage.java:46)
      	at org.forgerock.selfservice.core.ProgressStageBinder$ProxyProgressStage.gatherInitialRequirements(ProgressStageBinder.java:72)

      To reproduce

      • start IDM with default project
      • Admin UI, Configure > User Registration
      • Enable User Registration
      • Edit KBA Stage, delete questions
      • Go to self-service UI, click Register

      Possible solutions:

      1) In the Admin UI, don't allow users to delete KBA questions, at least not below the minimum required.
      2) In the self-service UI, set up a better error message
      (alternatively, you could allow users to set up their own KBA questions during self-registration)

      Acceptance criteria:

      Changes to KBA questions should not lead to errors during user registration.


          Issue Links



              • Assignee:
                krismy.alfaro Krismy Alfaro
                Mike2 Mike Jang [X] (Inactive)
              • Votes:
                0 Vote for this issue
                6 Start watching this issue


                • Created: