Password Reset
OpenSSO Enterprise provides a Password Reset service to allow users to receive an email message containing a new password or to reset their password for access to a given service or application protected by OpenSSO Enterprise. The Password Reset attributes are realm attributes. The attributes are:
User Validation
This attribute specifies the name of user attribute that is used to search for the user whose password is to be reset.
Secret Question
This field allows you to add a list of questions that the user can use to reset his/her password. To add a question, type it in the Secret Question filed and click Add. The selected questions will appear in the user's User Profile page. The user can then select a question for resetting the password. Users may create their own question if the Personal Question Enabled attribute is selected.
Search Filter
This attribute specifies the search filter to be used to find user entries.
Base DN
This attribute specifies the DN from which the user search will start. If no DN is specified, the search will start from the realm DN. You should not use cn=directorymanager as the base DN, due to proxy authentication conflicts.
Bind DN
This attribute value is used with Bind Password to reset the user password.
Bind Password
This attribute value is used with Bind DN to reset the user password.
Bind Password Confirm
Confirm the password.
Password Reset Option
This attribute determines the classname for resetting the password. The default classname is com.sun.identity.password.RandomPasswordGenerator . The password reset class can be customized through a plug-in. This class needs to be implemented by the PasswordGenerator interface.
Password Change Notification Option
This attribute determines the method for user notification of password resetting. The default classname is: com.sun.identity.password.EmailPassword The password notification class can be customized through a plug-in. This class needs to be implemented by the NotifyPassword interface. See the OpenSSO Enterprise Developer's Guide for more information.
Password Reset
Selecting this attribute will enable the password reset feature.
Personal Question
Selecting this attribute will allow a user to create a unique question for password resetting.
Maximum Number of Questions
This value specifies the maximum number of questions to be asked in the password reset page.
Force Change Password on Next Login
When enabled, this option forces the user to change his or her password on the next login. If you want an administrator, other than the top-level administrator, to set the force password reset option, you must modify the Default Permissions ACIs to allow access to that attribute.
Password Reset Failure Lockout
This attribute specifies whether to disallow users to reset their password if that user initially fails to reset the password using the Password Reset application. By default, this feature is not enabled.
Password Reset Failure Lockout Count
This attributes defines the number of attempts that a user may try to reset a password, within the time interval defined in Password Reset Failure Lockout Interval, before being locked out. For example, if Password Reset Failure Lockout Count is set to 5 and Login Failure Lockout Interval is set to 5 minutes, the user has five chances within five minutes to reset the password before being locked out.
Password Reset Failure Lockout Interval
This attribute defines (in minutes) the amount of time in which the number of password reset attempts (as defined in Password Reset Failure Lockout Count) can be completed, before being locked out.
Email Address to Send Lockout Notification
This attribute specifies an email address that will receive notification if a user is locked out from the Password Reset service. Specify multiple email address in a space-separated list.
Warn User After N Failures
This attribute specifies the number of password reset failures that can occur before OpenSSO Enterprise sends a warning message that user will be locked out.
Password Reset Failure Lockout Duration
This attribute defines (in minutes) the duration that user will not be able to attempt a password reset if a lockout has occurred.
Password Reset Lockout Attribute Name
This attribute contains the inetuserstatus value that is set in Password Reset Lockout Attribute Value. If a user is locked out from Password Reset, and the Password Reset Failure Lockout Duration (minutes) variable is set to 0, inetuserstatus will be set to inactive, prohibiting the user from attempting to reset his or her password.
Password Reset Lockout Attribute Value
This attribute specifies the inetuserstatus value (contained in Password Reset Lockout Attribute Name) of the user status, as either active or inactive. If a user is locked out from Password Reset, and the Password Reset Failure Lockout Duration (minutes) variable is set to 0, inetuserstatus will be set to inactive, prohibiting the user from attempting to reset his or her password.
- © 2010, Oracle Corporation and/or its affiliates