[OPENIDM-4908] KBA settings can cause Password Reset to fail with a 500 Internal Server Error: "Exception intercepted"
Created: 17/Dec/15  Updated: 29/Apr/16  Resolved: 29/Apr/16

Status: Closed
Project: OpenIDM
Component/s: Module - Web UI
Affects Version/s: OpenIDM 4.0.0
Fix Version/s: None

Type: Bug
Priority: Major
Reporter: Mark Gibson
Assignee: Oliver Bradley
Resolution: Cannot Reproduce
Votes: 0
Labels: dixon, release-notes
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

OpenIDM version "4.0.0-SNAPSHOT" (revision: 23b63c3) jenkins-OpenIDM - postcommit-952 origin/4.0.0


Issue Links:
Duplicate
is duplicated by OPENIDM-5020 Password Reset fails with 500 Server ... Closed
Relates
relates to OPENIDM-4893 KBA options not on user profile page ... Closed
Story Points: 1
Sprint: OpenIDM Sprint 59

 Description   

Password Reset fails with 500 Internal Server Error: "Exception intercepted"...Caused by: java.lang.IllegalStateException: Insufficient number of questions. Minimum number of questions user must answer: 1, Questions available: 0

The value of kbaEnabled in ui-configuration.json is only set to true if Self-Registration is enabled.

Steps:
1. run sample1
2. run recon on mapping
3. set up email service
4. enable Password Reset (leave kba enabled)
5. click Password Reset link on self-service ui
6. enter username bjensen@example.com and click submit
7. attempt to navigate to url

Expected Results:
able to reset password

Actual Results:
Internal server error



 Comments   
Comment by Mark Gibson [ 07/Jan/16 ]

Note: If KBA is not enabled for Self Registration but is for Password Reset, this same error occurs when a user attempts to Reset Password.

Jan 07, 2016 1:36:01 PM org.forgerock.openidm.servlet.internal.ServletConnectionFactory$4 handleException
WARNING: Resource exception: 500 Internal Server Error: "Exception intercepted"
org.forgerock.json.resource.InternalServerErrorException: Exception intercepted
at org.forgerock.selfservice.core.AnonymousProcessService.logAndAdaptException(AnonymousProcessService.java:141)
at org.forgerock.selfservice.core.AnonymousProcessService.handleAction(AnonymousProcessService.java:123)
at org.forgerock.json.resource.Router.handleAction(Router.java:241)
at org.forgerock.json.resource.FilterChain$Cursor.handleAction(FilterChain.java:59)
...
Caused by: java.lang.IllegalStateException: Insufficient number of questions. Minimum number of questions user must answer: 1, Questions available: 0
at org.forgerock.selfservice.stages.kba.SecurityAnswerVerificationStage.gatherInitialRequirements(SecurityAnswerVerificationStage.java:94)
at org.forgerock.selfservice.stages.kba.SecurityAnswerVerificationStage.gatherInitialRequirements(SecurityAnswerVerificationStage.java:53)
at org.forgerock.selfservice.core.ProgressStageBinder$ProxyProgressStage.gatherInitialRequirements(ProgressStageBinder.java:80)
at org.forgerock.selfservice.core.ProgressStageBinding.gatherInitialRequirements(ProgressStageBinding.java:46)
at org.forgerock.selfservice.core.AnonymousProcessService.handleProgression(AnonymousProcessService.java:237)
at org.forgerock.selfservice.core.AnonymousProcessService.enactContext(AnonymousProcessService.java:216)
at org.forgerock.selfservice.core.AnonymousProcessService.progressProcess(AnonymousProcessService.java:205)
at org.forgerock.selfservice.core.AnonymousProcessService.handleAction(AnonymousProcessService.java:120)
... 101 more

Comment by Laurent Bristiel [X] (Inactive) [ 08/Jan/16 ]

Mark Gibson, this problem occurs only if the KBA questions were not set for the user whose password you are trying to reset, right?
If you do password reset on a user that got self-created with KBA questions, then password reset works from what I could see.
If so, could you make the summary of the issue more accurate?

Comment by Mark Gibson [ 08/Jan/16 ]

Laurent Bristiel [X] Two conditions cause this problem:

  1. value of kbaEnabled in ui-configuration.json is only set to true if Self-Registration is enabled - which is what I originally reported
  2. KBA is not enabled for Self Registration, but is for Password Reset - would have worked if I had disabled KBA for password reset

I can change the summary to something about KBA settings causing the issue.

Comment by Oliver Bradley [ 29/Apr/16 ]

The value of kbaEnabled in ui-configuration.json is set to true when enabling Password Reset without enabling User Registration.
