This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.

Recover with Secret Questions

Apply the same configuration that is described in the Recover with Notification section, except for the email-admin-config.xml configuration, if you have not done so already.

Make sure the default challenge question claim URIs available under Configure > Claim Management > http://wso2.org/claims/ > Challenge Question1 and Challenge Question2 are mapped with the correct attributes in the underlying data store.

To set the challenge questions and answers for a user, invoke the setChallengeQuestionsOfUser operation of the UserIdentityManagementAdminService API. The WSDL is available at https://localhost:9443/services/UserIdentityManagementAdminService?wsdl.

The following sequence of service calls for recovery with security questions uses this Web service: https://localhost:9443/services/UserInformationRecoveryService?wsdl.

  1. getCaptcha() - Generates a captcha.
  2. verifyUser() - Validates the captcha answer and username and returns a new key.
  3. getUserChallengeQuestionIds() - Retrieves the claim URI IDs specified for the user with the generated key. You need to provide the key from the previous call.
  4. getUserChallengeQuestion() - Retrieves the user’s challenge question for the specified claim URI ID from the previous call. You need to provide the key from the previous call.
  5. verifyUserChallengeAnswer() - Validates the answer and confirmation code for the specified question. You need to provide the key from the previous call.
  6. updatePassword() - Updates the password in the system. You need to provide the key from the previous call and the new password. Returns the status of the update, i.e. true or false.
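
The key chaining in the sequence above, as an added example that is not WSO2 code: a constructed in-memory model of the service plus a client that passes each returned key into the next call. Assumptions: the class, method and argument names are hypothetical, a single challenge question is modeled, and keys are treated as single use and bound to the next operation; take the real operation parameters from the WSDL.

```python
import hmac
import secrets

# Key-consuming operations, in the order the page lists them.
CHAIN = ["verifyUser", "getUserChallengeQuestionIds", "getUserChallengeQuestion",
         "verifyUserChallengeAnswer", "updatePassword"]

class RecoveryModel:
    """Constructed in-memory stand-in for the recovery service; not WSO2 code."""

    def __init__(self, user, question_id, question, answer):
        self.user, self.qid, self.question, self.answer = user, question_id, question, answer
        self.password = None
        self._pending = None  # (operation allowed next, key it must present)

    def _issue(self, next_op):
        self._pending = (next_op, secrets.token_urlsafe(16))
        return self._pending[1]

    def get_captcha(self):
        # Simplification: the captcha answer is modeled as a token to echo back.
        return self._issue("verifyUser")

    def call(self, op, key, **args):
        pending, self._pending = self._pending, None  # every key is single use
        if not pending or pending[0] != op or not hmac.compare_digest(pending[1].encode(), key.encode()):
            raise PermissionError(f"{op}: key is not valid for this step")
        if op == "verifyUser":
            ok, result = args["username"] == self.user, True
        elif op == "getUserChallengeQuestionIds":
            ok, result = True, [self.qid]
        elif op == "getUserChallengeQuestion":
            ok, result = args["question_id"] == self.qid, self.question
        elif op == "verifyUserChallengeAnswer":
            ok, result = args["question_id"] == self.qid and hmac.compare_digest(args["answer"].encode(), self.answer.encode()), True
        else:  # updatePassword: end of the chain, no further key is issued
            self.password = args["new_password"]
            return None, True
        if not ok:
            raise PermissionError(f"{op}: rejected, restart from get_captcha()")
        return self._issue(CHAIN[CHAIN.index(op) + 1]), result

def recover(svc, username, answer, new_password):
    """Client side: pass the key returned by each call into the next call."""
    key = svc.get_captcha()
    key, _ = svc.call("verifyUser", key, username=username)
    key, ids = svc.call("getUserChallengeQuestionIds", key)
    key, _question = svc.call("getUserChallengeQuestion", key, question_id=ids[0])
    key, _ = svc.call("verifyUserChallengeAnswer", key, question_id=ids[0], answer=answer)
    return svc.call("updatePassword", key, new_password=new_password)[1]
```

In this model a key presented to the wrong operation, or presented twice, is rejected and the caller has to start again from the captcha step.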