Oracle Identity Manager (OIM) 11g comes with 4 challenge questions by default, and the user must set three challenge questions at first login. These challenge questions are used to authenticate the user in the forgot-password use case.
In this post I am going to cover how to add additional challenge questions in OIM.
The high-level steps to add additional challenge questions in OIM are:
1. Add the challenge questions to the lookup definition Lookup.WebClient.Questions via the OIM Design Console. More on Design Console in OIM 11g here and Design Console version 9/10 here
For example, if you add a question with code key “What is your favourite website?” and decode “What is your favourite website?”, then you must update the files customResources.properties and customResources_en.properties with an entry like the one below (replace every space in the code key with -):
global.Lookup.WebClient.Questions.What-is-your-favourite-website?=What is your favourite website?
Note: If OIM is installed on multiple machines for high availability, update these files on all OIM machines.
3. Test the newly added challenge question by creating a new user and logging in to OIM as that user. Ensure that the user can see the new challenge questions.
If the login page hangs after authentication for the new user and you see errors like the ones below in the OIM log file, ensure that there is no typo in the customResources_en.properties file.
_____
[2012-10-17T10:21:49.052+01:00] [WLS_OIM1] [NOTIFICATION] [IAM-3050013] [oracle.iam.identity.usermgmt.impl] [tid: [ACTIVE].ExecuteThread: ’19’ for queue: ‘weblogic.kernel.Default (self-tuning)’] [userId: atul2012] [ecid: 004n3rDo43j7u105Nzk3ye00008w000^yV,0:1] [APP: oim#11.1.1.3.0] [URI: /admin/faces/pages/pwdmgmt.jspx] Searching for users with the specified criteria.
[2012-10-17T10:21:49.647+01:00] [WLS_OIM2] [WARNING] [] [oracle.iam.ChangePasswordtaskflow.logging] [tid: [ACTIVE].ExecuteThread: ‘4’ for queue: ‘weblogic.kernel.Default (self-tuning)’] [userId: atul2012] [ecid: 004n3rDqEB87u105Nzk3ye00008w000^yX,0:1] [APP: oim#11.1.1.3.0] [URI: /admin/faces/pages/pwdmgmt.jspx] User atul2012‘s challenge questions not set
[2012-10-17T10:21:49.676+01:00] [WLS_OIM1] [ERROR] [] [XELLERATE.ACCOUNTMANAGEMENT] [tid: [ACTIVE].ExecuteThread: ‘4’ for queue: ‘weblogic.kernel.Default (self-tuning)’] [userId: atul2012] [ecid: 004n3rDqEB87u105Nzk3ye00008w000^yX,0:1] [APP: oim#11.1.1.3.0] [URI: /admin/faces/pages/pwdmgmt.jspx] Class/Method: tcUserOperationsBean/getChallengeValuesForSelfData encounter some problems: no questions found for ‘407’.
[2012-10-17T10:21:49.683+01:00] [WLS_OIM1] [WARNING] [] [oracle.iam.ChangePasswordtaskflow.logging] [tid: [ACTIVE].ExecuteThread: ‘4’ for queue: ‘weblogic.kernel.Default (self-tuning)’] [userId: atul2012] [ecid: 004n3rDqEB87u105Nzk3ye00008w000^yX,0:1] [APP: oim#11.1.1.3.0] [URI: /admin/faces/pages/pwdmgmt.jspx] Could not get challenges for logged in User
[2012-10-17T10:21:49.766+01:00] [WLS_OIM1] [NOTIFICATION] [] [oracle.iam.passwordmgmt.impl] [tid: [ACTIVE].ExecuteThread: ‘4’ for queue: ‘weblogic.kernel.Default (self-tuning)’] [userId: atul2012] [ecid: 004n3rDqEB87u105Nzk3ye00008w000^yX,0:1] [APP: oim#11.1.1.3.0] [URI: /admin/faces/pages/pwdmgmt.jspx] Cannot find resource for bundle oracle.iam.platform.utils.OIMCustomResourceBundle@17bfca48, global.Lookup.WebClient.Questions.What-is-the-name-of-your-pet? global.Lookup.WebClient.Questions.What-is-the-name-of-your-pet?
[2012-10-17T10:21:50.804+01:00] [WLS_OIM1] [NOTIFICATION] [J2EE JSP-00008] [oracle.j2ee.jsp] [tid: [ACTIVE].ExecuteThread: ‘4’ for queue: ‘weblogic.kernel.Default (self-tuning)’] [userId: atul2012] [ecid: 004n3rDqEB87u105Nzk3ye00008w000^yX,0:1] [APP: oim#11.1.1.3.0] [URI: /admin/faces/pages/pwdmgmt.jspx] unable to dispatch JSP page: The following exception occurred:.[[
javax.faces.FacesException: javax.faces.FacesException: oracle.adf.controller.ControllerException: ADFC-10001: cannot instantiate class ‘oracle.iam.ChangePasswordtaskflow.backing.taskflows.ChangePasswordView’
at com.sun.faces.application.ApplicationImpl.createComponent(ApplicationImpl.java:261)
at javax.faces.webapp.UIComponentELTag.createComponent(UIComponentELTag.java:222)
at javax.faces.webapp.UIComponentClassicTagBase.createChild(UIComponentClassicTagBase.java:513)
at javax.faces.webapp.UIComponentClassicTagBase.findComp
Caused by: javax.faces.FacesException: oracle.adf.controller.ControllerException: ADFC-10001: cannot instantiate class ‘oracle.iam.ChangePasswordtaskflow.backing.taskflows.ChangePasswordView’
at oracle.adfinternal.controller.util.Utils.createAndLogFacesException(Utils.java:192)
at oracle.adfinternal.controller.beans.ManagedBeanFactory.newInstance(ManagedBeanFactory.java:192)
at oracle.adfinternal.controller.beans.ManagedBeanFactory.instantiateBean(ManagedBeanFactory.java:873)
Caused by: java.util.MissingResourceException: Can’t find resource for bundle java.util.PropertyResourceBundle, key global.Lookup.WebClient.Questions.What-was-your-favorite-cartoon-charater-as-a-child?
at java.util.ResourceBundle.getObject(ResourceBundle.java:374)
[2012-10-17T10:21:50.814+01:00] [WLS_OIM1] [WARNING] [] [oracle.adfinternal.view.faces.lifecycle.LifecycleImpl] [tid: [ACTIVE].ExecuteThread: ‘4’ for queue: ‘weblogic.kernel.Default (self-tuning)’] [userId: atul2012] [ecid: 004n3rDqEB87u105Nzk3ye00008w000^yX,0:1] [APP: oim#11.1.1.3.0] [URI: /admin/faces/pages/pwdmgmt.jspx] ADF_FACES-60098:Faces lifecycle receives unhandled exceptions in phase RENDER_RESPONSE 6[[
javax.faces.FacesException: javax.servlet.ServletException: OracleJSP error:
javax.faces.FacesException: javax.faces.FacesException: oracle.adf.controller.ControllerException: ADFC-10001: cannot instantiate class ‘oracle.iam.ChangePasswordtaskflow.backing.taskflows.ChangePasswordView’
at com.sun.faces.context.ExternalContextImpl.dispatch(ExternalContextImpl.java:415)
______
Ensure that there are no typos in the customResources_en.properties file and that each entry matches the one in the lookup definition.
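The check described above can be run before restarting or testing: derive the expected bundle key for every lookup code key and confirm it exists in the properties file. This is an added example, not part of the original post or of OIM; the function names are hypothetical, and the list of code keys is assumed to be copied by hand from Lookup.WebClient.Questions.

```python
import difflib
import re

PREFIX = "global.Lookup.WebClient.Questions."

def expected_key(code_key):
    """Bundle key for a lookup code key: every space becomes '-' (rule from the post)."""
    return PREFIX + code_key.replace(" ", "-")

def parse_properties(text):
    """Minimal .properties reader; line continuations and escapes are not handled."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue  # blank line or comment
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)$", line)
        if m:
            props[m.group(1)] = m.group(2)
    return props

def check_questions(code_keys, properties_text):
    """Map each missing bundle key to its closest existing key (likely typo) or None."""
    props = parse_properties(properties_text)
    present = [k for k in props if k.startswith(PREFIX)]
    problems = {}
    for code in code_keys:
        key = expected_key(code)
        if key not in props:
            near = difflib.get_close_matches(key, present, n=1, cutoff=0.9)
            problems[key] = near[0] if near else None
    return problems

# Constructed sample: code keys as copied from the lookup definition (assumption).
LOOKUP_CODES = [
    "What is your favourite website?",
    "What is the name of your pet?",
    "What was your favorite cartoon charater as a child?",
]
# Constructed sample content standing in for customResources_en.properties.
SAMPLE_PROPERTIES = """\
# custom challenge questions
global.Lookup.WebClient.Questions.What-is-your-favourite-website?=What is your favourite website?
global.Lookup.WebClient.Questions.What-was-your-favorite-cartoon-character-as-a-child?=What was your favorite cartoon character as a child?
"""

if __name__ == "__main__":
    for key, near in check_questions(LOOKUP_CODES, SAMPLE_PROPERTIES).items():
        print("MISSING", key, "(closest entry: %s)" % near if near else "(no entry)")
```

A key reported with a closest entry points to a spelling mismatch between the lookup and the file; a key with no entry was never added. Run it against the file on every OIM machine.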