Sun Identity Manager Service Provider 8.1 Deployment

Forgot Password Page

A user selects the Forgot password? link on the login page to display a page similar to the Forgot Username page. The user must first supply the telephone number stored in the telephoneNumber attribute in the directory and a valid email address. Next, the user is prompted to provide answers to authentication questions.

If the user has not previously answered their authentication questions or if authentication questions are not configured, an error is displayed. If the correct answers are given to the authentication questions, either a password is generated and emailed to the user, or the user is redirected to a page allowing them to reset their password. The password attribute in the SPEUserPages configuration object determines which action the system takes.

If configured in the Service Provider Account Policy, the account can be locked after a specified number of failed attempts to answer challenge questions.

The following table summarizes the structure of this page.



Page Processor Classes

  • ForgotPasswordForm
  • UserQuestionForm

View Handlers

  • IDMXLookupUsernameViewer
  • IDMXUserQuestionViewer

  • Service Provider End-User Forgot Password
  • Service Provider End-User Reset Password

Email template

  Service Provider End-User Reset Password

Configuration object attributes

  • lookup-attributes.title
  • lookup-attributes.required
  • notification.passwordreset
  • password.reset-mode

Audit event

  challengeResponse (for success and failure)

The form can also use the “auditEventType” form property to tell the viewer which type of audit event to log.
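The challengeResponse audit events and the failed-attempt lockout described above can be checked against each other in monitoring. The following is an added example, not Identity Manager code: it scans audit records for bursts of failed challenge answers and for a success that follows such a burst, which would mean the lockout did not take effect. The record layout, threshold and time window are assumptions; only the event name and its success/failure outcomes come from this page.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample audit records: (timestamp, account, event type, outcome).
# Only the event name "challengeResponse" and its success/failure outcomes
# come from the page; the record layout is an assumption.
SAMPLE_EVENTS = [
    ("2009-03-02T09:00:00", "asmith", "challengeResponse", "failure"),
    ("2009-03-02T09:30:00", "asmith", "challengeResponse", "failure"),
    ("2009-03-02T09:31:00", "asmith", "challengeResponse", "success"),
    ("2009-03-02T10:00:05", "jdoe", "challengeResponse", "failure"),
    ("2009-03-02T10:00:40", "jdoe", "challengeResponse", "failure"),
    ("2009-03-02T10:01:10", "jdoe", "challengeResponse", "failure"),
    ("2009-03-02T10:01:30", "jdoe", "challengeResponse", "success"),
    ("2009-03-02T11:00:00", "bwong", "challengeResponse", "failure"),
    ("2009-03-02T11:01:00", "bwong", "login", "failure"),  # other event type
    ("2009-03-02T11:02:00", "bwong", "challengeResponse", "failure"),
    ("2009-03-02T11:04:00", "bwong", "challengeResponse", "failure"),
]


def flag_challenge_abuse(events, max_failures=3, window=timedelta(minutes=10)):
    """Return {account: finding} for challengeResponse failure bursts.

    "failure_burst": max_failures failures inside the window, the point at
    which the account policy lockout should have applied.
    "success_after_burst": a success while such a burst is still in the
    window, so the lockout was not enforced for that account.
    """
    recent = defaultdict(deque)  # account -> timestamps of recent failures
    findings = {}
    for ts, account, event_type, outcome in sorted(events):
        if event_type != "challengeResponse":
            continue
        when = datetime.fromisoformat(ts)
        fails = recent[account]
        while fails and when - fails[0] > window:
            fails.popleft()  # drop failures older than the window
        if outcome == "failure":
            fails.append(when)
            if len(fails) >= max_failures:
                findings.setdefault(account, "failure_burst")
        elif outcome == "success":
            if len(fails) >= max_failures:
                findings[account] = "success_after_burst"
            fails.clear()  # a correct answer resets the failure count
    return findings


if __name__ == "__main__":
    print(flag_challenge_abuse(SAMPLE_EVENTS))
```

Set max_failures to the failed-attempt limit configured in the Service Provider Account Policy so that a "success_after_burst" finding corresponds to a lockout that should have happened.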