Sun Java System Access Manager 7 2005Q4 Administration Guide

Password Reset for End Users

The following sections describe the user experience for the Password Reset service.

Customizing Password Reset

Once the Password Reset service has been enabled and the attributes defined by the administrator, users are able to log into the Access Manager console in order to customize their secret questions.

ProcedureTo Customize Password Reset

  1. The user logs into the Access Manager console, providing Username and Password and is successfully authenticated.

  2. In the User Profile page, the user selects Password Reset Options. This displays the Available Questions Answer Screen.

  3. The user is presented with the available questions that the administrator defined for the service, such as:

    • What is your pet’s name?

      • What is your favorite TV show?

      • What is your mother’s maiden name?

      • What is your favorite restaurant?

  4. The user selects the secret questions, up to the maximum number of questions that the administrator defined for the realm (the maximum amount is defined the Password Reset Service). The user then provides answers to the selected questions. These questions and answers will be the basis for resetting the user’s password (see the following section). If the administrator has selected the Personal Question Enabled attribute, text fields are provided, allowing the user to enter a unique secret question and provide an answer.

  5. The user clicks Save.

Resetting Forgotten Passwords

In the case where users forget their password, Access Manager uses the Password Reset web application to randomly generate new passwords and notify the user of the new password. A typical forgotten password scenario follows:

ProcedureTo Reset Forgotten Passwords

  1. The user logs into the Password Reset web application from a URL given to them by the administrator. For example:

    http://hostname:port /ampassword (for the default realm


    http://hostname: port/deploy_uri /UI/PWResetUserValidation?realm=realmname, where realmname is the name of the realm.

    Note –

    If the Password Reset service is not enabled for a parent realm but is enabled for a sub-realm, users must use the following syntax to access the service:

    http://hostname: port/deploy_uri/UI/PWResetUserValidation?realm=realmname

  2. The user enters the user id.

  3. The user is presented with the personal questions that were defined in the Password Reset service and select by the user during customization. If the user has not previously logged into the User Profile page and customized the personal questions, the password will not be generated.

    Once the user answers the questions correctly, the new password is generated and emailed to the user. Attempt notification is sent to the user whether the questions are answered correctly or not. Users must have their email address entered in the User Profile page in order for the new password and attempt notification to be received.