OIM 11g How to add Challenge Questions

By default, Oracle Identity Manager (OIM) 11g comes with 4 challenge questions, and a user must set three challenge questions during first-time login. These challenge questions are used to authenticate the user in the forgot-password use case.

  • You can also integrate OIM with OAAM to delegate challenge questions to OAAM
  • For more on OIM challenge questions click here and here

In this post I am going to cover how to add additional challenge questions in OIM.

The high-level steps to add additional challenge questions in OIM are:

1. Add the challenge questions to the lookup definition Lookup.WebClient.Questions via the OIM Design Console. More on Design Console in OIM 11g here and Design Console version 9/10 here

2. Configure localisation by adding the questions to customResources.properties and customResources_en.properties in $ORACLE_HOME/server/customResources (if you have additional languages configured, also add the questions to customResources_[lang].properties).

For example, if you add a question with code key “What is your favourite website?” and decode “What is your favourite website?”, then you must update customResources.properties and customResources_en.properties with an entry like the one below (replace every space in the code key with -):

global.Lookup.WebClient.Questions.What-is-your-favourite-website?=What is your favourite website?

Note: If OIM is installed on multiple machines for high availability, update these files on all OIM machines.

3. Test the newly added challenge question by creating a new user and logging in to OIM as that user. Ensure that the user can see the new challenge questions.

If the login page hangs after authentication for the new user and you see errors like the ones below in the OIM log file, check that there is no typo in the customResources_en.properties file.

_____

[2012-10-17T10:21:49.052+01:00] [WLS_OIM1] [NOTIFICATION] [IAM-3050013] [oracle.iam.identity.usermgmt.impl] [tid: [ACTIVE].ExecuteThread: ’19’ for queue: ‘weblogic.kernel.Default (self-tuning)’] [userId: atul2012] [ecid: 004n3rDo43j7u105Nzk3ye00008w000^yV,0:1] [APP: oim#11.1.1.3.0] [URI: /admin/faces/pages/pwdmgmt.jspx] Searching for users with the specified criteria.

[2012-10-17T10:21:49.647+01:00] [WLS_OIM2] [WARNING] [] [oracle.iam.ChangePasswordtaskflow.logging] [tid: [ACTIVE].ExecuteThread: ‘4’ for queue: ‘weblogic.kernel.Default (self-tuning)’] [userId: atul2012] [ecid: 004n3rDqEB87u105Nzk3ye00008w000^yX,0:1] [APP: oim#11.1.1.3.0] [URI: /admin/faces/pages/pwdmgmt.jspx] User atul2012‘s challenge questions not set

[2012-10-17T10:21:49.676+01:00] [WLS_OIM1] [ERROR] [] [XELLERATE.ACCOUNTMANAGEMENT] [tid: [ACTIVE].ExecuteThread: ‘4’ for queue: ‘weblogic.kernel.Default (self-tuning)’] [userId: atul2012] [ecid: 004n3rDqEB87u105Nzk3ye00008w000^yX,0:1] [APP: oim#11.1.1.3.0] [URI: /admin/faces/pages/pwdmgmt.jspx] Class/Method: tcUserOperationsBean/getChallengeValuesForSelfData encounter some problems: no questions found for ‘407’.

[2012-10-17T10:21:49.683+01:00] [WLS_OIM1] [WARNING] [] [oracle.iam.ChangePasswordtaskflow.logging] [tid: [ACTIVE].ExecuteThread: ‘4’ for queue: ‘weblogic.kernel.Default (self-tuning)’] [userId: atul2012] [ecid: 004n3rDqEB87u105Nzk3ye00008w000^yX,0:1] [APP: oim#11.1.1.3.0] [URI: /admin/faces/pages/pwdmgmt.jspx] Could not get challenges for logged in User

[2012-10-17T10:21:49.766+01:00] [WLS_OIM1] [NOTIFICATION] [] [oracle.iam.passwordmgmt.impl] [tid: [ACTIVE].ExecuteThread: ‘4’ for queue: ‘weblogic.kernel.Default (self-tuning)’] [userId: atul2012] [ecid: 004n3rDqEB87u105Nzk3ye00008w000^yX,0:1] [APP: oim#11.1.1.3.0] [URI: /admin/faces/pages/pwdmgmt.jspx] Cannot find resource for bundle  oracle.iam.platform.utils.OIMCustomResourceBundle@17bfca48, global.Lookup.WebClient.Questions.What-is-the-name-of-your-pet? global.Lookup.WebClient.Questions.What-is-the-name-of-your-pet?

 

[2012-10-17T10:21:50.804+01:00] [WLS_OIM1] [NOTIFICATION] [J2EE JSP-00008] [oracle.j2ee.jsp] [tid: [ACTIVE].ExecuteThread: ‘4’ for queue: ‘weblogic.kernel.Default (self-tuning)’] [userId: atul2012] [ecid: 004n3rDqEB87u105Nzk3ye00008w000^yX,0:1] [APP: oim#11.1.1.3.0] [URI: /admin/faces/pages/pwdmgmt.jspx] unable to dispatch JSP page: The following exception occurred:.[[

javax.faces.FacesException: javax.faces.FacesException: oracle.adf.controller.ControllerException: ADFC-10001: cannot instantiate class ‘oracle.iam.ChangePasswordtaskflow.backing.taskflows.ChangePasswordView’

        at com.sun.faces.application.ApplicationImpl.createComponent(ApplicationImpl.java:261)

        at javax.faces.webapp.UIComponentELTag.createComponent(UIComponentELTag.java:222)

        at javax.faces.webapp.UIComponentClassicTagBase.createChild(UIComponentClassicTagBase.java:513)

        at javax.faces.webapp.UIComponentClassicTagBase.findComp

 

 

Caused by: javax.faces.FacesException: oracle.adf.controller.ControllerException: ADFC-10001: cannot instantiate class ‘oracle.iam.ChangePasswordtaskflow.backing.taskflows.ChangePasswordView’

        at oracle.adfinternal.controller.util.Utils.createAndLogFacesException(Utils.java:192)

        at oracle.adfinternal.controller.beans.ManagedBeanFactory.newInstance(ManagedBeanFactory.java:192)

        at oracle.adfinternal.controller.beans.ManagedBeanFactory.instantiateBean(ManagedBeanFactory.java:873)

 

 

Caused by: java.util.MissingResourceException: Can’t find resource for bundle java.util.PropertyResourceBundle, key global.Lookup.WebClient.Questions.What-was-your-favorite-cartoon-charater-as-a-child?

        at java.util.ResourceBundle.getObject(ResourceBundle.java:374)

 

 

[2012-10-17T10:21:50.814+01:00] [WLS_OIM1] [WARNING] [] [oracle.adfinternal.view.faces.lifecycle.LifecycleImpl] [tid: [ACTIVE].ExecuteThread: ‘4’ for queue: ‘weblogic.kernel.Default (self-tuning)’] [userId: atul2012] [ecid: 004n3rDqEB87u105Nzk3ye00008w000^yX,0:1] [APP: oim#11.1.1.3.0] [URI: /admin/faces/pages/pwdmgmt.jspx] ADF_FACES-60098:Faces lifecycle receives unhandled exceptions in phase RENDER_RESPONSE 6[[

javax.faces.FacesException: javax.servlet.ServletException: OracleJSP error:

javax.faces.FacesException: javax.faces.FacesException: oracle.adf.controller.ControllerException: ADFC-10001: cannot instantiate class ‘oracle.iam.ChangePasswordtaskflow.backing.taskflows.ChangePasswordView’

        at com.sun.faces.context.ExternalContextImpl.dispatch(ExternalContextImpl.java:415)

______

Ensure that there are no typos in the customResources_en.properties file and that each entry matches the one in the lookup definition.
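A consistency check for steps 1 and 2 and the log errors above, as an added example (not code from the original post or from Oracle): it derives the bundle key for each lookup code key, reports keys missing from the properties text together with the closest existing entry, and extracts missing keys from MissingResourceException log lines. The function names, the simplified .properties parsing and the sample data are assumptions constructed for illustration.

```python
import difflib
import re

PREFIX = "global.Lookup.WebClient.Questions."

def resource_key(code_key):
    # Rule from the post: every space in the lookup code key becomes '-'.
    return PREFIX + code_key.replace(" ", "-")

def parse_properties(text):
    # Simplified reader (assumption): one key=value per line, no continuations.
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip()] = value.strip()
    return entries

def check_bundle(code_keys, properties_text):
    # Map each expected key absent from the bundle to its closest existing
    # entry (None if nothing is similar), exposing typos on either side.
    present = parse_properties(properties_text)
    report = {}
    for key in map(resource_key, code_keys):
        if key not in present:
            near = difflib.get_close_matches(key, list(present), n=1, cutoff=0.9)
            report[key] = near[0] if near else None
    return report

def keys_reported_missing(log_text):
    # Extract bundle keys named in MissingResourceException log lines.
    pattern = r"MissingResourceException: .*?key (" + re.escape(PREFIX) + r"\S+)"
    return sorted(set(re.findall(pattern, log_text)))

# Constructed sample data (lookup code keys, bundle text, one log line).
LOOKUP_CODE_KEYS = [
    "What is your favourite website?",
    "What is the name of your pet?",
    "What was your favorite cartoon charater as a child?",
]
PROPERTIES_TEXT = """\
global.Lookup.WebClient.Questions.What-is-your-favourite-website?=What is your favourite website?
global.Lookup.WebClient.Questions.What-was-your-favorite-cartoon-character-as-a-child?=What was your favorite cartoon character as a child?
"""
LOG_TEXT = ("Caused by: java.util.MissingResourceException: Can't find resource "
            "for bundle java.util.PropertyResourceBundle, key " + PREFIX +
            "What-was-your-favorite-cartoon-charater-as-a-child?")
print(check_bundle(LOOKUP_CODE_KEYS, PROPERTIES_TEXT), keys_reported_missing(LOG_TEXT))
```

In a high-availability setup, run the same check against the properties files on every OIM machine, since each copy is edited separately.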


About the Author Atul Kumar

Oracle ACE, Author, Speaker and Founder of K21 Technologies & K21 Academy : Oracle Gold Partner specialising in Design, Implement, and Trainings.


10 comments
anand says November 14, 2012

Hi atul,

We are done with OIM and OAM integration 11.1.2.0. The OIM page is getting protected, but the issue we have here is that when we try to access identity, it redirects to the OAM page fine, but on the OAM page we can't see the (New User registration, forgot password/forgot user login, Track my registration).

Please help me out with this issue.

Reply
Atul Kumar says November 14, 2012

@ Anand,

It looks like during OIM-OAM integration, OAM was not updated (check the admin server log file for OAM for the issue).

You must look at
http://onlineappsdba.com/index.php/2012/09/18/forgot-password-link-on-oam-login-page/ and then check file $DOMAIN_HOME/config/fmwconfig/oam-config.xml

Do not edit oam-config.xml while OAM or Admin server is running (shut them down first, make backup and then edit file)

Reply
anand says November 15, 2012

Hi Atul,

It worked absolutely fine. Thanks for your help and support.

Reply
PeterZ says February 6, 2013

So if I have a cluster of OIM servers (WLS_OIM1 and WLS_OIM2) do I make change to customResources_en.properties file on both servers or just on the machine where Admin server is running?

Reply
    Atul Kumar says February 6, 2013

    If ORACLE_HOME for these two OIM servers is not shared then you must make changes to customResources_en.properties file on both servers.

    Reply
Arun says June 9, 2015

Hi Atul,
How many Challenge Questions can be added? Is there any limit in OIM11gR2PS2?

I have a situation where I need to add 8000 Challenge Questions.

Is it possible? Please reply to my post soon.

Thanks in advance.

Reply
    Atul Kumar says June 9, 2015

    @Arun,
    I have not seen any limit, so best is to try it; the max I’ve seen is 70 for a customer, but 8000 seems to be too much. Did you inform the customer that selecting from 8000 questions may not be a good user experience?

    Reply
Arun says June 10, 2015

Hi Atul,
Thanks for your response.

We have a requirement of migrating a huge number of custom challenge question answer sets from SIM to OIM11gR2PS2. Those questions are unique, so all of them need to be migrated.

All the questions (I mean 8000) will not be displayed to the user; only the default (4) and his own questions will be displayed, as per our discussion with the client.

Please suggest if OIM allows adding all those questions. I mean, will the addition of 8000 questions be supported by OIM?

Regards,
Arun

Reply
Arun says June 12, 2015

Please reply to me regarding my issue.

Reply
Manoranjan Swain says April 1, 2016

Hi Atul,

Can you please let me know the step-by-step link to perform the challenged security question in 11gR2PS3?

Regards,
Manoranjan

Reply