OpenSSO Enterprise provides a Password Reset service to allow users to receive an email message containing a new password or to reset their password for access to a given service or application protected by OpenSSO Enterprise. The Password Reset attributes are realm attributes. The attributes are:
This attribute specifies the name of the user attribute that is used to search for the user whose password is to be reset.
This field allows you to add a list of questions that the user can use to reset his/her password. To add a question, type it in the Secret Question field and click Add. The selected questions will appear in the user's User Profile page. The user can then select a question for resetting the password. Users may create their own question if the Personal Question Enabled attribute is selected.
This attribute specifies the search filter to be used to find user entries.
This attribute specifies the DN from which the user search will start. If no DN is specified, the search will start from the realm DN. You should not use cn=directorymanager as the base DN, due to proxy authentication conflicts.
This attribute value is used with Bind Password to reset the user password.
This attribute value is used with Bind DN to reset the user password.
Confirm the password.
This attribute determines the classname for resetting the password. The default classname is com.sun.identity.password.RandomPasswordGenerator. The password reset class can be customized through a plug-in. This class must implement the PasswordGenerator interface.
This attribute determines the method for user notification of password resetting. The default classname is com.sun.identity.password.EmailPassword. The password notification class can be customized through a plug-in. This class must implement the NotifyPassword interface. See the OpenSSO Enterprise Developer's Guide for more information.
Selecting this attribute will enable the password reset feature.
Selecting this attribute will allow a user to create a unique question for password resetting.
This value specifies the maximum number of questions to be asked in the password reset page.
When enabled, this option forces the user to change his or her password on the next login. If you want an administrator, other than the top-level administrator, to set the force password reset option, you must modify the Default Permissions ACIs to allow access to that attribute.
This attribute specifies whether to prevent a user from resetting the password if that user initially fails to reset the password using the Password Reset application. By default, this feature is not enabled.
This attribute defines the number of attempts that a user may try to reset a password, within the time interval defined in Password Reset Failure Lockout Interval, before being locked out. For example, if Password Reset Failure Lockout Count is set to 5 and Login Failure Lockout Interval is set to 5 minutes, the user has five chances within five minutes to reset the password before being locked out.
This attribute defines (in minutes) the amount of time in which the number of password reset attempts (as defined in Password Reset Failure Lockout Count) can be completed, before being locked out.
This attribute specifies an email address that will receive notification if a user is locked out from the Password Reset service. Specify multiple email addresses in a space-separated list.
This attribute specifies the number of password reset failures that can occur before OpenSSO Enterprise sends a warning message that the user will be locked out.
This attribute defines (in minutes) the duration that the user will not be able to attempt a password reset if a lockout has occurred.
This attribute contains the inetuserstatus value that is set in Password Reset Lockout Attribute Value. If a user is locked out from Password Reset, and the Password Reset Failure Lockout Duration (minutes) variable is set to 0, inetuserstatus will be set to inactive, prohibiting the user from attempting to reset his or her password.
This attribute specifies the inetuserstatus value (contained in Password Reset Lockout Attribute Name) of the user status, as either active or inactive. If a user is locked out from Password Reset, and the Password Reset Failure Lockout Duration (minutes) variable is set to 0, inetuserstatus will be set to inactive, prohibiting the user from attempting to reset his or her password.
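The lockout attributes above interact: count and interval define a sliding window, the warning count fires before the lockout, and a duration of 0 switches from a timed lockout to setting inetuserstatus to inactive. The following is an added illustration that models those semantics; it is not OpenSSO Enterprise code, and the class names, field names, the reading of the warning count as "warn once this many failures are in the window", and the choice that the failure reaching the count triggers the lockout are assumptions.

```python
from dataclasses import dataclass, field
from typing import List, Optional

@dataclass
class ResetLockoutPolicy:          # all times in minutes
    lockout_count: int = 5         # Password Reset Failure Lockout Count
    lockout_interval: int = 5      # Password Reset Failure Lockout Interval
    warn_count: int = 3            # failures before a warning (assumed semantics)
    lockout_duration: int = 0      # Lockout Duration (minutes); 0 = set inactive

@dataclass
class UserState:
    failures: List[float] = field(default_factory=list)  # failure timestamps
    locked_until: Optional[float] = None
    inetuserstatus: str = "active"

def is_locked(user: UserState, now: float) -> bool:
    """True while the user may not attempt a password reset."""
    if user.inetuserstatus == "inactive":
        return True                      # no timed expiry in this model
    if user.locked_until is not None and now < user.locked_until:
        return True
    user.locked_until = None             # timed lockout has expired
    return False

def record_failure(policy: ResetLockoutPolicy, user: UserState, now: float) -> str:
    """Register a failed reset attempt at `now`; return 'ok', 'warn' or 'locked'."""
    if is_locked(user, now):
        return "locked"
    # Only failures inside the lockout interval count toward the threshold.
    user.failures = [t for t in user.failures if now - t < policy.lockout_interval]
    user.failures.append(now)
    if len(user.failures) >= policy.lockout_count:
        user.failures.clear()
        if policy.lockout_duration == 0:
            user.inetuserstatus = "inactive"   # lockout attribute name/value pair
        else:
            user.locked_until = now + policy.lockout_duration
        return "locked"
    return "warn" if len(user.failures) >= policy.warn_count else "ok"

if __name__ == "__main__":
    # Constructed timeline: five failures, one per minute (count 5, interval 5).
    policy, user = ResetLockoutPolicy(), UserState()
    for minute in range(5):
        print(minute, record_failure(policy, user, minute))
    print("inetuserstatus:", user.inetuserstatus)
```

Spacing the same five failures two minutes apart never reaches the threshold in this model, because older failures age out of the five-minute window.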