This lesson provides instructions for resetting forgotten passwords. You learn to configure a personal password reset hint, consisting of a challenge question and a challenge response.
Overview
The Delegated Administration Services (DAS) Self
Service Console has a password reset feature, which enables users to reset
their passwords and configure their own challenge questions and challenge
responses. A user can configure a password reset hint question and an
answer. This question and answer will be used to reset the password if
the user forgets the password.
This method of resetting forgotten passwords is much safer than the traditional approach of sending the user a new password by e-mail. E-mail is usually sent in clear text, so mailing a password presents a serious security risk. Also, the forgotten password is probably the same password that the user uses for e-mail, so the user would not be able to retrieve the new password with that type of reset system anyway.
In addition to the user's own challenge question, the administrator can impose an unlimited number of challenges that the user must correctly answer before being allowed to reset the password.
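The validation rules described above (every configured challenge must be answered correctly, and the reset is refused otherwise) are modelled below in Python as an added example. This is not DAS code and does not describe how DAS stores or compares hint answers; it shows the rules a reset validator should enforce: answers are normalized before comparison, stored only as salted digests, compared in constant time, all challenges are evaluated even after a mismatch, and a profile that lacks a value for any required challenge cannot be reset at all. The attribute name passwordHintAnswer is an assumption; driverslicense, ssn and mothersmaidenname are the attributes this lesson creates, and the two sample users are constructed.

```python
import hashlib
import hmac
import os
import unicodedata

# driverslicense, ssn and mothersmaidenname are the attributes created in this
# lesson; passwordHintAnswer is an assumed name for the user's own hint answer.
REQUIRED_CHALLENGES = ("passwordHintAnswer", "driverslicense", "ssn", "mothersmaidenname")
PBKDF2_ROUNDS = 50_000


def normalize(answer):
    """Canonicalize an answer: Unicode-normalize, case-fold, collapse whitespace.

    'Mary   Ann' and ' mary ann ' are the same answer to a human; they must
    hash to the same digest or legitimate users will be locked out.
    """
    return " ".join(unicodedata.normalize("NFKC", answer).casefold().split())


def hash_answer(answer, salt):
    """Derive a fixed-length digest from the normalized answer and a per-value salt."""
    return hashlib.pbkdf2_hmac("sha256", normalize(answer).encode("utf-8"), salt, PBKDF2_ROUNDS)


class ChallengeStore:
    """Per-user challenge answers, kept only as (salt, digest) pairs, never as text."""

    def __init__(self):
        self._entries = {}  # uid -> {attribute: (salt, digest)}

    def set_answer(self, uid, attribute, answer):
        salt = os.urandom(16)
        self._entries.setdefault(uid, {})[attribute] = (salt, hash_answer(answer, salt))

    def has_value(self, uid, attribute):
        return attribute in self._entries.get(uid, {})

    def matches(self, uid, attribute, answer):
        salt, digest = self._entries[uid][attribute]
        # Constant-time comparison: the result must not leak how many bytes matched.
        return hmac.compare_digest(digest, hash_answer(answer, salt))


def missing_challenge_values(store, uid, required=REQUIRED_CHALLENGES):
    """Admin-side check: which reset validation attributes have no value for this user."""
    return [attr for attr in required if not store.has_value(uid, attr)]


def validate_reset(store, uid, submitted, required=REQUIRED_CHALLENGES):
    """Return True only if the profile has every required value and every answer matches.

    Every challenge is evaluated even after a mismatch, so the caller learns
    only a single pass/fail and not which challenge was wrong.
    """
    if missing_challenge_values(store, uid, required):
        return False  # incomplete profile: reset is impossible, not bypassable
    ok = True
    for attr in required:
        if not store.matches(uid, attr, submitted.get(attr, "")):
            ok = False
    return ok


def build_sample_store():
    """Constructed sample data: rmoyer is fully populated, jdoe lacks driverslicense."""
    store = ChallengeStore()
    store.set_answer("rmoyer", "passwordHintAnswer", "Rex")
    store.set_answer("rmoyer", "driverslicense", "D1234567")
    store.set_answer("rmoyer", "ssn", "123-45-6789")
    store.set_answer("rmoyer", "mothersmaidenname", "Smith")
    store.set_answer("jdoe", "passwordHintAnswer", "blue")
    store.set_answer("jdoe", "ssn", "987-65-4321")
    store.set_answer("jdoe", "mothersmaidenname", "Jones")
    return store


if __name__ == "__main__":
    s = build_sample_store()
    print("rmoyer, all correct:", validate_reset(s, "rmoyer", {
        "passwordHintAnswer": " rex ", "driverslicense": "d1234567",
        "ssn": "123-45-6789", "mothersmaidenname": "SMITH"}))
    print("jdoe, missing values:", missing_challenge_values(s, "jdoe"))
```

The design choice worth noting is that an incomplete profile fails closed: a user whose entry has no value for one of the administrator-imposed challenges cannot reset at all, which is why the last section of this lesson insists that every validation attribute be populated.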
To configure a challenge password reset, perform the following steps:
1.
Open your browser and enter the following URL:
http://<hostname>.<domain>:7777/oiddas
Log in to DAS as rmoyer (the user you created in the lesson titled "Delegated Administration Services: Creating and Managing an Identity Management Realm").
2.
Click the My Profile tab.
3.
Click the Change My Password tab.
4.
Enter your challenge question in the Password Reset
Hint field. Enter your answer in the Answer to Password Reset Hint
field. Click Submit.
Click OK.
5.
Check whether the password reset validation is working.
Click Logout to log out of DAS.
6.
Click Return to return to the DAS Home page.
7.
Click the Forgot My Password? link.
8.
Enter rmoyer in the User Name field and click
Next.
9.
You see your personal challenge
question. Enter the correct answer for the challenge question and click
Next.
10.
You see the Reset My Single Sign-On Password page. Enter the new password
in both New Password and Confirm New Password fields. Your
password should have at least one numeric character. Click Finish.
Click OK.
11.
Try to log in using the new password. Click Login.
Creating Custom Attributes for Password Reset Validation
As a user, you have already set your own password challenge question. In addition to this, an administrator can configure DAS with additional challenge questions that the user must correctly answer before being able to reset the forgotten password. Configure three challenge questions by using the following: Drivers License, Mothers Maiden Name, and Social Security Number.
Note that Drivers License, Mothers Maiden Name, and Social Security Number are not part of the standard attribute list in OID. Create new attributes for these questions in OID and assign them to an auxiliary object class so that they can be used in DAS.
1.
Start the Oracle Directory Manager GUI. Open a command window, change directory to ORACLE_HOME/bin, and issue the following command to start Oracle Directory Manager:
sh oidadmin
Log in as orcladmin.
2.
Highlight the Schema Management entry.
3.
Click the Attributes tab and click Create.
4.
You see the New Attribute Type form. Enter the Name (DriversLicense), Object ID, Description, and Syntax for the new attribute. Because you will assign character data to this new attribute, choose Directory String as the syntax. Select the Single Value check box and click OK.
The Name and Object ID for the attribute must be unique. Spaces are not allowed in the attribute name. The Object ID must be in a Dewey Decimal format.
5.
Similarly, create two more attributes: SSN and
MothersMaidenName.
6.
Create a new auxiliary object class and assign the three new attributes
to that object. Highlight Schema Management in Directory Information Tree (DIT). Click the
Object Classes tab and click Create.
7.
You see the New Object Class form. Enter Name, Object ID, Description,
and Type for the new auxiliary object.
8.
You assign the new attributes that you created to this
object. Scroll down to Optional Attributes section. Click Add.
9.
You will see a complete list of available attributes. Select the three
new attributes (DriversLicense, SSN, and MothersMaidenName). Keep the
Ctrl key pressed to select more than one attribute. Click Select.
10.
You see the selected attributes in the Optional Attributes list. Click
OK.
11.
Restart OC4J_SECURITY. Switch to the browser window and enter the URL http://<hostname>.<domain>:1810. Click the link for the application server instance.
12.
You see the Oracle Enterprise Manager 10g Application
Server Control's Application Server Home page. The Application Server
Home page provides an overview of the Oracle Application Server 10g instance:
status, performance, and configured components. Scroll down to see the
System Components table.
13.
Select OC4J_SECURITY and click Restart.
14.
Click Yes when asked for confirmation.
Configuring DAS Password Reset for Additional Challenge Questions
To add more challenge questions, perform the following steps:
1.
Log in to DAS as the orcladmin
user. Click the Configuration tab and click User Entry.
2.
Click Add Object Class. A list of all the available
object classes appears.
3.
Select the object that you created and click Add.
4.
The name of your object class should appear in the object
class list. Click Next.
5.
Click Add New Attribute.
6.
Select driverslicense from the Directory Attribute Name list. Enter a UI Label for the attribute you have chosen. This label will appear in the Web forms. Select the Viewable, SelfEditable, and Password Reset Validation check boxes. Click Done.
Repeat the steps to add SSN and MothersMaidenName for
challenge questions.
7.
After you have configured all the three attributes for password reset
validation, click Next.
8.
You can now categorize the attributes. Add the MothersMaidenName attribute to the Personal Details category: select the Personal Details category and click Edit.
Similarly, add SSN and driverslicense to the Additional Personal Details category.
9.
Select mothersmaidenname from the Category List and click Move.
If an attribute is assigned to another category, then that attribute will
not appear in the Category List.
You must make sure that the user's DAS profile contains values for all the attributes configured for password reset validation; a user whose profile lacks any of them cannot complete the reset.
1.
Click the Directory tab.
2.
Enter the user's UID into the Search for user
field and click Go.
3.
After the user's name is returned, click Edit.
4.
Enter values for all the attributes that are configured for password reset validation. Mothers Maiden Name appears in the Personal Details section; Drivers License and Social Security Number appear in the Additional Personal Details section. Click Submit.
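When the values are entered through the DAS form, DAS adds the auxiliary object class to the user entry and sets the attributes. The equivalent directory change, for populating many users from a script, is shown below as an added example that is not part of the tutorial. The user DN cn=rmoyer,cn=users,dc=example,dc=com is a placeholder for the realm in your own directory, pwdResetChallenge is the assumed name of the auxiliary object class created earlier, and the attribute values are constructed sample data.

```ldif
# Constructed example: populate the reset validation attributes for rmoyer.
# The user DN is a placeholder; use the DN DAS shows for the user.
dn: cn=rmoyer,cn=users,dc=example,dc=com
changetype: modify
add: objectclass
objectclass: pwdResetChallenge
-
add: driverslicense
driverslicense: D1234567
-
add: ssn
ssn: 123-45-6789
-
add: mothersmaidenname
mothersmaidenname: Smith
```

The auxiliary object class must be added in the same operation, or before the attributes; adding driverslicense, ssn or mothersmaidenname to an entry that does not carry an object class allowing them is an object class violation and the whole modify is rejected. Because these values are exactly what a reset requires, confirm afterwards with an ldapsearch bound as orcladmin that each of the three attributes holds a value, and keep the directory's access control on them as tight as on the password hint answer itself.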