Can You Administratively Delete Security Challenges And Answers When Lost Password Policy Enabled (Doc ID 1332050.1)

Last updated on MARCH 08, 2017

Applies to:

COREid Identity - Version: 10.1.4.3 and later [Release: No Release Description and later]
Information in this document applies to any platform.

Goal

If lost password policy is not enabled for a user, User Manager gives you the option to delete security challenge questions and answers.
If lost password policy is enabled, then User Manager no longer gives the option to remove security challenge questions and answers.

You have also tried to remove the security challenges by making an IDXML request similar to the one documented in the Oracle Identity Xml developers guide (example 2-9). The Identity Server rejects this with a message indicating that your challenge question attribute value is invalid on your request to delete it.

So to recap, you need to remove security challenges for a given user. That user will be associated to a password policy that has lost password policy enabled. When you try to remove them administratively through IDXML, you get the following response:

<ObTextMessage>Invalid value for parameter PFGChallengeQuestionsText</ObTextMessage>
<ObStatus>1</ObStatus>

This appears to be caused by the fact that the password policy requires that a user have security challenges. Is there a way to work around this besides creating new policies and moving the user to the new policy, removing the challenge phrases, and then moving them back to the old policy that has lost password policy enabled?

Solution
