To add a password confirmation challenge to either changePassword or resetPassword form, add the following <RequiresChallenge> element as shown below, with substitutions for password, email, and fullname:
<Property name='RequiresChallenge' value='true'/>
where the value of property can be either true or false.
If the property is set to true in the form, Identity Manager will challenge the current administrator who is requesting the change to enter the password he used to log in to Identity Manager. If the challenge is not successful (that is, the current administrator's password is not entered), Identity Manager will not permit the challenge. If the challenge is successful, Identity Manager will permit the change request to proceed. Both password management forms support the use of the RequiresChallenge form property. When this property is set to true, the user is prompted to enter the old password after specifying the new password.