Enabling forgotten password authentication

When a user forgets ISIM password and must reset it, the user must verify credentials with the system.

An administrator typically defines the forgotten password challenges for a user to attempt a forgotten password recovery. This task is effective only if a WebSphere account repository is specified. This field is on the ITIM Service Manage Services > Change a Service > Service Information page. This repository can be ITIM Service or a service managed by the ISIM server. If no registry is specified, the forgotten password option is not available on the Login page.

Respond to a set of forgotten password challenges with answers that you previously specified. Responses are not case-sensitive by default, because the enrole.challengeresponse.responseConvertCase property from the enRole.properties file has a default value that is lower. The answers are stored in lowercase in the directory server. An answer that you entered is converted to lowercase while it is compared with the stored answers. If we want answers to be case-sensitive, change the value for enrole.challengeresponse.responseConvertCase from lower to none.. The requirement that a user must answer the challenge questions is configurable. By default, the user can bypass the challenge questions. We can force the user to respond to the challenge questions by modifying the property ui.challengeResponse.bypassChallengeResponse in the ui.properties file. To force user response, set the value to false. See the ui.properties topic in the Reference > Supplemental property files section.

• Configure user-defined forgotten password questions
  We can enable and configure forgotten password settings to allow users to supply their own questions for challenge response authentication.
• Configure administrator-defined forgotten password questions
  We can enable forgotten password settings for challenge response authentication.

Parent topic: Password administration