Password Reset Validation

The DAS Self Service Console has a password reset feature which allows users to reset their passwords and configure their own challenge question and challenge response. Users configure a personal password reset hint and answer that is used to reset their password should they forget it. This method for resetting forgotten passwords is safer than the traditional password reset systems which send the user a new password through email. Sending a user a password over email is usually done in clear text, which presents a serious security risk. Also, the forgotten password is quite possibly the same password the user uses for email, in which case the user cannot retrieve the new password with that kind of reset system at all. A challenge-based reset is only as strong as its answers, however: a value that coworkers know or that is easy to look up (a zip code, a department name) adds little on its own, so treat every attribute used for reset validation as a secret and restrict who can read it in the directory.

On the DAS Self Service Console home page there is a link called "Forgot My Password". If a user has configured a challenge question and response in their DAS profile, they can click this link and reset their password by correctly answering the challenge question. Additionally, the administrator can impose any number of other challenges that the user must correctly answer before they are allowed to reset their password.

Topics covered in this lesson:
Simple Password Reset Validation
Creating custom attributes for Password Reset Validation
Configuring DAS password reset for additional challenge questions
Assigning attributes to the "Create User" form categories
Populate Values for Password Reset Validation
Test Password Reset Validation
Simple Password Reset Validation

By default only one personal challenge question is needed for a user to reset their password. This personal challenge question is set by the user in their DAS profile, under the "Change My Password" link. Log in to DAS as the user for whom you want to set up password reset validation. Select the "My Profile" tab. Select the "Change My Password" link. Fill in the "Password Reset Hint" and the "Answer to Password Reset Hint" fields.
Click the "Submit" button when finished. Now log out of DAS and return to the DAS home page. Click the "Forgot My Password" link on the DAS home page. Enter your user ID and click the "Next" button. You should see your personal challenge question. Enter the matching response and click the "Next" button.
You should be redirected to a page that allows you to immediately change your password.
Creating custom attributes for Password Reset Validation

In this exercise we will configure DAS so that a user must correctly answer 10 challenge questions before they can reset their forgotten password: nine administrator-defined questions plus the user's own personal question. The nine administrator-defined questions are: Home Phone, Work Phone, Employee Number, Zip Code, Department, Car License, Drivers License, Mothers Maiden Name and Social Security Number.

Optional: Since Drivers License, Mothers Maiden Name and Social Security Number are not part of the standard attribute list in OID, we will create new attributes for them in OID and assign these new custom attributes to an auxiliary object class so we can use them in DAS. If you plan to use only attributes that already exist in OID, you do not need to do this part of the exercise.

We will first create three new custom attributes in OID. Start the Oracle Directory Manager (ODM) GUI by typing "oidadmin" at the command prompt. Example:
# oidadmin
Log in to ODM as "orcladmin". Highlight the entry in the DIT called "Schema Management". Select the "Attributes" tab. Click the "Create" button. In the form that comes up assign your new attribute a Name, Object ID, Description and Syntax, and finally check the "Single Value" box.
For the "Name" field make sure you use a unique name that is not in use by another attribute. Spaces are not allowed in the attribute name. For the "Object ID" field make sure you use a unique identifier that is not used by any other object in the OID schema. The Object ID must be in dotted decimal notation (for example 1.3.6.1.4.1.<your-enterprise-number>.1.1); allocate it under an OID arc your organization owns rather than inventing an arbitrary one, so it cannot collide with another vendor's schema. Since we will only store character string data in this new attribute, we chose "Directory String" as the Syntax. Click the "OK" button after entering these values. Create two more attributes called "SSN" and "MothersMaidenName" using the same steps.
Examples: the new SSN attribute and the new MothersMaidenName attribute.
Now we need to create a new auxiliary object class and assign our three new attributes to it. With the "Schema Management" entry highlighted in your ODM DIT, select the "Object Classes" tab. Click the "Create" button. In the form that comes up give your new object class a Name, Object ID, Description and object class Type (Auxiliary).
For the "Name" field make sure you use a unique name that is not in use by another object class. Spaces are not allowed in the object class name. For the "Object ID" field make sure you use a unique identifier that is not used by any other object in the OID schema, again in dotted decimal notation. Now we need to assign our three new attributes to this object class. In the "Optional Attributes" section of the form, click the "Add" button. A complete list of all available attributes comes up. Select DriversLicense, SSN and MothersMaidenName; after highlighting each attribute name click the "Select" button. You should see all three attributes in the optional attributes list for your new object class.
Click the "OK" button after entering these values.
If you performed the previous steps to create new attributes and object classes you will need to restart the OC4J_SECURITY process from the EM admin console in order to make the new object class available to DAS in the next step.
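The same schema extension can be applied with ldapmodify instead of clicking through ODM, which makes it repeatable and leaves a file that can be reviewed and version-controlled. The LDIF below is an added example, not part of the original lesson or of Oracle's own documentation. The OID arc 1.3.6.1.4.1.99999, the object class name pwdResetValidation and the descriptions are placeholders; replace the arc with one your organization owns and the names with ones that do not clash with existing schema.

```ldif
# Added example (not from the lesson): the ODM attribute and object class
# steps above expressed as LDIF against the OID schema subentry.
# Placeholders: the arc 1.3.6.1.4.1.99999 and the class name pwdResetValidation.
# Syntax 1.3.6.1.4.1.1466.115.121.1.15 is Directory String, matching the
# "Directory String" choice made in ODM; SINGLE-VALUE matches the "Single Value" box.
dn: cn=subschemasubentry
changetype: modify
add: attributetypes
attributetypes: ( 1.3.6.1.4.1.99999.1.1 NAME 'DriversLicense' DESC 'Drivers license number, used for password reset validation' EQUALITY caseIgnoreMatch SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.99999.1.2 NAME 'SSN' DESC 'Social Security Number, used for password reset validation' EQUALITY caseIgnoreMatch SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.99999.1.3 NAME 'MothersMaidenName' DESC 'Mothers maiden name, used for password reset validation' EQUALITY caseIgnoreMatch SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )

# Second operation: the auxiliary class that carries the three attributes.
# It is a separate change so that it is applied only after the attribute
# types exist; the MAY list may only reference attributes already in the schema.
dn: cn=subschemasubentry
changetype: modify
add: objectclasses
objectclasses: ( 1.3.6.1.4.1.99999.2.1 NAME 'pwdResetValidation' DESC 'Custom attributes used for DAS password reset validation' SUP top AUXILIARY MAY ( DriversLicense $ SSN $ MothersMaidenName ) )
```

Apply it with ldapmodify -h <oid-host> -p <ldap-port> -D cn=orcladmin -w <password> -f schema.ldif, then restart OC4J_SECURITY as described above so that DAS sees the new object class. Running the file a second time fails with an "already exists" style error, which is the expected signal that the schema is already in place.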
Configuring DAS password reset for additional challenge questions

Now we will make our new object class available to the DAS "Create User" form. Log in to DAS as the "orcladmin" user. Select the "Configuration" tab. Select the "User Entry" sub tab. On the page that follows click the "Add Object Class" button. A list of all the available object classes appears. Select the new object class we created earlier in this lesson and click the "Add" button. You should now see the name of that object class in the object class list. This is necessary in order to use the attributes contained in the object class in DAS.
Click the "Next" button. On the next page we need to add the three attributes we created in the previous part of this lesson. Click on the "Add New Attribute" button. On the page that follows select the "driverslicense" attribute from the directory attribute list.
Fill in the "UI Label" field with the name you want to appear in the web forms. In this example we will use "Drivers License". Select the check boxes for "Viewable", "Self Editable" (if you want to allow users to edit this field) and "Password Reset Validation".
Click the "Done" button. Repeat the same steps for the "SSN" and "MothersMaidenName" attributes, making sure you check the "Password Reset Validation" box for every attribute you wish to include in password reset. Now we will add or modify any additional attributes needed for the DAS password reset, such as the standard phone, employee number, zip code, department and car license attributes. From the "Configure User Attributes" form, select the attribute you want to use for password reset validation and check the "Password Reset Validation" box. If you do not see the attribute in the list of available attributes, click the "Add New Attributes" button and on the page that follows select your attribute from the drop-down list. At a minimum you must assign the attribute a "UI Label" and check the "Viewable" and "Password Reset Validation" check boxes. Click the "Done" button when you are finished.
Once all of the attributes that will be used for password reset validation have been configured click the "Next" button.
Assigning attributes to the "Create User" form categories

Now we need to assign our new attributes to a form category. Select a category and click the "Edit" button. In this example we will add the "MothersMaidenName" attribute to the "Personal Details" category.
Select the attribute you want to assign to the category and then click the "Move" button.
If you do not see an attribute in the list it means it has already been assigned to another category. After you are finished moving all of your attributes into the form categories click the "Next" button. In the next section titled "Configure Search Table Columns" there is nothing to configure so just click the "Next" button to continue. On the next page click the "Finish" button.
Populate Values for Password Reset Validation

We need to make sure that the user's DAS profile contains a value for every attribute used for password reset validation. Log in to DAS as the "orcladmin" user. Select the "Directory" tab. Enter the user's UID into the "Search for Users" field and press Enter. Once the user's name is returned click the "Edit" button. Fill in the fields for all of the attributes that will be used for password reset validation. When finished, click the "Submit" button. Now log in to DAS as the user you want to test and set the user's personal challenge question and response. Select the "My Profile" tab. Click the "Change My Password" sub tab. Fill in the "Password Reset Hint" and the "Answer to Password Reset Hint" fields.
Click the "Submit" button when you are finished.
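Populating the values for a test user can likewise be scripted rather than typed into the DAS "Edit" form. This is an added example, not part of the lesson: the realm DN dc=example,dc=com, the user jdoe, the auxiliary class name pwdResetValidation and every value are constructed placeholders, and mapping the lesson's labels onto the standard inetOrgPerson attributes homePhone, telephoneNumber, employeeNumber, postalCode, departmentNumber and carLicense is my assumption about which OID attributes those labels refer to. Values are stored in the plain form the user is expected to type at reset time (digits only for numbers), because the reset compares what the user enters against the stored string.

```ldif
# Added example (not from the lesson): give a test user a value for every
# attribute selected for password reset validation. All names and values
# are constructed placeholders. The auxiliary class is attached first; if
# the entry already carries it, drop that "add: objectclass" change, since
# adding an objectclass value that is already present is rejected.
dn: cn=jdoe,cn=Users,dc=example,dc=com
changetype: modify
add: objectclass
objectclass: pwdResetValidation
-
replace: homePhone
homePhone: 6505550100
-
replace: telephoneNumber
telephoneNumber: 6505550199
-
replace: employeeNumber
employeeNumber: 10042
-
replace: postalCode
postalCode: 94065
-
replace: departmentNumber
departmentNumber: Security Engineering
-
replace: carLicense
carLicense: 7ABC123
-
replace: DriversLicense
DriversLicense: D1234567
-
replace: MothersMaidenName
MothersMaidenName: Smith
-
replace: SSN
SSN: 000000000
```

Apply it with ldapmodify -h <oid-host> -p <ldap-port> -D cn=orcladmin -w <password> -f jdoe-reset.ldif, then confirm with ldapsearch -h <oid-host> -p <ldap-port> -D cn=orcladmin -w <password> -b "cn=jdoe,cn=Users,dc=example,dc=com" -s base "(objectclass=*)" DriversLicense SSN MothersMaidenName that all three attributes come back with a value. Because these values now function as reset secrets, anyone who can read them can reset the user's password: use an OID access control item (orclaci) on the users container to deny read and search on them to everyone except administrators and the identity DAS binds with. The user's personal hint and answer are still set through "Change My Password" as described above.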
Test Password Reset Validation

Testing is easy. Navigate to the DAS home page. Click the "Forgot My Password" link. On the page that follows you will be required to enter your user ID. After entering your user ID click the "Next" button. On the page that follows you should see the list of password reset validation fields that you set up earlier in this lesson.
After filling in all of the fields with the correct values you should be redirected to a page which lets you change your password immediately. Also test the negative case: enter an incorrect value in one field and confirm that the reset is refused, since a challenge that accepts partial answers offers no protection.