Sun Identity Manager 8.1 Business Administrator's Guide

Challenging Administrator Actions

Identity Manager can be configured to prompt administrators for a password before processing certain account changes. If authentication fails, then the account changes will be cancelled.

There are three forms that administrators can use to change user passwords. These are the Tabbed User form, the Change User Password form, and the Reset User Password form. To ensure that administrators are required to enter their password before Identity Manager processes user account changes, be sure to update all three forms.

Procedure: To Enable the Challenge Option for Tabbed User Forms

To require a password challenge on the Tabbed User form, follow these steps.

  1. In the Administrator interface, open the Identity Manager debug page (see The Identity Manager Debug Page) by typing the following URL into your browser. (You must have the Debug capability to open this page.)

    http://<AppServerHost>:<Port>/idm/debug/session.jsp

    The System Settings page (Identity Manager debug page) opens.

  2. Find the List Objects button, select UserForm from the drop-down menu, then click the List Objects button.

    The List Objects of type: UserForm page opens.

  3. Locate the copy of the Tabbed User Form that you have in production and click edit. (The Tabbed User Form distributed with Identity Manager is a template and should not be modified.)

  4. Add the following code snippet inside the <Form> element:


    <Properties>
      <Property name='RequiresChallenge'>
        <List>
          <String>password</String>
          <String>email</String>
          <String>fullname</String>
        </List>
      </Property>
    </Properties>

    The property value is a list that can contain one or more of the following user view attribute names:

    • applications

    • adminRoles

    • assignedLhPolicy

    • capabilities

    • controlledOrganizations

    • email

    • firstname

    • fullname

    • lastname

    • organization

    • password

    • resources

    • roles

  5. Save your changes.

Procedure: To Enable the Challenge Option for Change User Password and Reset User Password Forms

To require a password challenge on the Change User Password and Reset User Password forms, follow these steps:

  1. In the Administrator interface, open the Identity Manager debug page (see The Identity Manager Debug Page) by typing the following URL into your browser. (You must have the Debug capability to open this page.)

    http://<AppServerHost>:<Port>/idm/debug/session.jsp

    The System Settings page (Identity Manager debug page) opens.

  2. Locate the List Objects button, select UserForm from the drop-down menu, then click the List Objects button.

    The List Objects of type: UserForm page opens.

  3. Locate the copy of the Change Password User Form that you have in production and click edit. (The Change Password User Form distributed with Identity Manager is a template and should not be modified.)

  4. Locate the <Form> element, then go to the <Properties> element.

  5. Add the following line inside the <Properties> element and save your changes.

    <Property name='RequiresChallenge' value='true'/>

  6. Repeat steps 3 through 5, this time editing the copy of the “Reset User Password Form” that you have in production.
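
One way to confirm that all three production forms carry the challenge setting after both procedures, shown as an added example that is not part of the original guide or of Identity Manager: the script checks exported form XML for the RequiresChallenge property and flags list entries that are not among the attribute names given above. The wrapper element, the name attribute on <Form>, and the form names in the constructed sample are assumptions.

```python
import xml.etree.ElementTree as ET

# User view attribute names the guide lists as valid for the Tabbed User form.
ALLOWED = {"applications", "adminRoles", "assignedLhPolicy", "capabilities",
           "controlledOrganizations", "email", "firstname", "fullname",
           "lastname", "organization", "password", "resources", "roles"}

# Constructed sample export; wrapper element and form names are assumptions.
SAMPLE = """<Export>
  <Form name='Prod Tabbed User Form'><Properties>
    <Property name='RequiresChallenge'>
      <List><String>password</String><String>fullName</String></List>
    </Property>
  </Properties></Form>
  <Form name='Prod Change User Password Form'>
    <Properties><Property name='RequiresChallenge' value='true'/></Properties>
  </Form>
  <Form name='Prod Reset User Password Form'><Properties/></Form>
</Export>"""
TABBED = ["Prod Tabbed User Form"]
PASSWORD = ["Prod Change User Password Form", "Prod Reset User Password Form"]

def check_form(form, tabbed):
    """Return 'ok' or a description of what is wrong with one <Form>."""
    # Only a <Properties> element directly inside <Form> is considered.
    prop = next((p for p in form.findall("./Properties/Property")
                 if p.get("name") == "RequiresChallenge"), None)
    if prop is None:
        return "RequiresChallenge missing"
    if not tabbed:
        return "ok" if prop.get("value") == "true" else "value is not 'true'"
    names = [(s.text or "").strip() for s in prop.findall("./List/String")]
    if not names:
        return "no attribute names listed"
    unknown = sorted(set(names) - ALLOWED)
    return "ok" if not unknown else "unlisted names: " + ", ".join(unknown)

def audit(xml_text, tabbed_names, password_names):
    """Map every expected production form name to its check result."""
    forms = {f.get("name"): f for f in ET.fromstring(xml_text).iter("Form")}
    report = {}
    for name in list(tabbed_names) + list(password_names):
        report[name] = ("form not found in export" if name not in forms
                        else check_form(forms[name], name in tabbed_names))
    return report

if __name__ == "__main__":
    for name, result in audit(SAMPLE, TABBED, PASSWORD).items():
        print(f"{name}: {result}")
```

In the constructed sample, the Tabbed User form is reported for the miscased name fullName and the Reset User Password form for having no RequiresChallenge property at all.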