You can add a password confirmation challenge to select forms by adding a RequiresChallenge property. When this feature is enabled, Identity Manager will challenge the currently logged-in administrator for his password before processing a request. The forms that support this option include:
userForm (Tabbed User form, Wizard User form, and default User form)
changePassword (by default, Change Password form)
reset PasswordForm (by default, Reset User Password form)
You specify this property differently for each form.
To add a password confirmation challenge to a user form, add the following RequiredElement element as shown below, with substitutions for password, email, and fullname:
<Property name='RequiresChallenge'> <List> <String>password</String> <String>email</String> <String>fullname</String> </List> </Property>
The value of the property is a list of one or more of the following User view attribute names: applications, adminRoles, assignedLhPolicy, capabilities, controlledOrganizations, email, firstname, fullname, lastname, organization, password, resources, roles.
To add a password confirmation challenge to either changePassword or resetPassword form, add the following <RequiresChallenge> element as shown below, with substitutions for password, email, and fullname:
<Property name='RequiresChallenge' value='true'/>
where the value of property can be either true or false.
If the property is set to true in the form, Identity Manager will challenge the current administrator who is requesting the change to enter the password he used to log in to Identity Manager. If the challenge is not successful (that is, the current administrator's password is not entered), Identity Manager will not permit the challenge. If the challenge is successful, Identity Manager will permit the change request to proceed. Both password management forms support the use of the RequiresChallenge form property. When this property is set to true, the user is prompted to enter the old password after specifying the new password.