This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.
Recover with Secret Questions
Do the same configuration that is described in the Recover with Notification section, except the emailÂ-adminÂ-config.xml configuration if not done already.
Make sure the default challenge question claim URIs available under Configure Â> Claim Management Â> http://wso2.org/claims/ Â>Challenge Question1 and Challenge Question2 are mapped with the correct attributes in the underlying data store.
You need to invoke UserIdentityManagementAdminService API to set the challenge question for a user by using the setChallengeQuestionsOfUser service to set the questions and answers. The WSDL would be as follows: https://localhost:9443/services/UserIdentityManagementAdminService?wsdl
.
The following sequence of service calls for recovery with secret questions use this Web service:Â https://localhost:9443/services/UserInformationRecoveryService?wsdl
.
- getCaptcha() Â- Generates a captcha.
- verifyUser() Â- Validates the captcha answer and username and returns a new key.
- getUserChallengeQuestionIds() Â- Retrieve the cliam URI IDs specified for the user with the generated key. Need to provide the key from the previous call.
- getUserChallengeQuestion() Â- Retrieve the user’s challenge question for the specified claim URI ID from the previous call. Need to provide the key from the previous call.
- verifyUserChallengeAnswer() Â- Validates the answer and confirmation code for the specified question. Need to provide the key from the previous call.
- updatePassword() Â- Updates the password in the system. Need to provide the key from the previous call, the new password and return the status of the update, i.e. true or false.