This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.

Recover with Secret Questions

Do the same configuration that is described in the Recover with Notification section, except the email­-admin­-config.xml configuration if not done already.

Make sure the default challenge question claim URIs available under Configure ­> Claim Management ­> http://wso2.org/claims/ ­>Challenge Question1 and Challenge Question2 are mapped with the correct attributes in the underlying data store.

You need to invoke UserIdentityManagementAdminService API to set the challenge question for a user by using the setChallengeQuestionsOfUser service to set the questions and answers. The WSDL would be as follows: https://localhost:9443/services/UserIdentityManagementAdminService?wsdl.

The following sequence of service calls for recovery with secret questions use this Web service: https://localhost:9443/services/UserInformationRecoveryService?wsdl.

  1. getCaptcha() ­- Generates a captcha.
  2. verifyUser() ­- Validates the captcha answer and username and returns a new key.
  3. getUserChallengeQuestionIds() ­- Retrieve the cliam URI IDs specified for the user with the generated key. Need to provide the key from the previous call.
  4. getUserChallengeQuestion() ­- Retrieve the user’s challenge question for the specified claim URI ID from the previous call. Need to provide the key from the previous call.
  5. verifyUserChallengeAnswer() ­- Validates the answer and confirmation code for the specified question. Need to provide the key from the previous call.
  6. updatePassword() ­- Updates the password in the system. Need to provide the key from the previous call, the new password and return the status of the update, i.e. true or false.