
Identity Portal Forgotten Password Task OTP Limit


Article ID: 189083


Products

CA Identity Manager, CA Identity Governance, CA Identity Portal, CA Identity Suite

Issue/Introduction

When a user enters an incorrect OTP while trying to change their password, the retry limit is reached immediately and the user can no longer enter the correct OTP. Essentially, the user has only one OTP validation attempt.


Failed attempts are logged as:

2020-03-31 17:36:29,143 ERROR [com.idmlogic.sigma.connector.ca.tews.tasks.ResetForgottenPasswordTask] (default task-27) ForgottenPassword failed : : ErrorCode: 0, ErrorFamily: GENERAL, Message: com.idmlogic.sigma.connector

BackendMessages: 

Error: Code: 700, Literal: com.netegrity.ims.exception.IMSException, Message: The OTP value provided does not match and the retry limit reached., 

Environment

Release: 14.2 / 14.3

Component: IdentityMinder (Identity Manager)

Resolution

The issue is caused by the settings in the Forgotten Password task.

https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-identity-and-access-management/identity-manager/14-2/configuring/user-console-design/self-service-tasks/configure-the-forgotten-password-reset-forgotten-user-id-and-one-time-password-tasks/lock-the-forgotten-password-reset-or-forgotten-user-id-task.html


It is not explicitly documented, but the default verification page attempt limit is '1' even when no value has been explicitly set (see below).



If you want to allow an unlimited number of attempts to log on with your OTP, set each of the following settings to 0:


Verification page timeout.
Verification page attempt limit.
Failed attempt limit.
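
Whatever limits are configured, the failure record shown under Issue/Introduction can be counted to see how often OTPs are being rejected. The following Python code is an added example, not part of the original article or of the product: it groups the multi-line record (header line, BackendMessages, Error line) and counts retry-limit failures per minute. The log layout is assumed from the excerpt above; only the first sample record comes from the article, the others are constructed.

```python
import re
from collections import Counter

# Record header: "YYYY-MM-DD HH:MM:SS,mmm LEVEL [logger] (thread) message"
RECORD_START = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\d{3}\s+(?P<level>[A-Z]+)\s+"
    r"\[(?P<logger>[^\]]+)\]\s+\((?P<thread>[^)]*)\)")
# Backend detail carried on a continuation line of the same record.
BACKEND_ERROR = re.compile(r"Error: Code: (?P<code>\d+), .*Message: (?P<text>.*)")

def parse_records(lines):
    """Attach continuation lines (BackendMessages, Error: ...) to their record."""
    records, current = [], None
    for line in lines:
        m = RECORD_START.match(line)
        if m:
            current = dict(m.groupdict(), extra=[])
            records.append(current)
        elif current is not None and line.strip():
            current["extra"].append(line.strip())
    return records

def otp_limit_failures(records):
    """Return (timestamp, thread, backend code) for each OTP retry-limit failure."""
    hits = []
    for rec in records:
        if rec["level"] != "ERROR" or not rec["logger"].endswith("ResetForgottenPasswordTask"):
            continue
        for extra in rec["extra"]:
            m = BACKEND_ERROR.search(extra)
            if m and "retry limit reached" in m.group("text"):
                hits.append((rec["ts"], rec["thread"], int(m.group("code"))))
    return hits

def failures_per_minute(hits):
    """Count failures per minute so a burst of OTP rejections stands out."""
    return Counter(ts[:16] for ts, _, _ in hits)

# First record is the article's excerpt; the others are constructed for this example.
PREFIX = "ERROR [com.idmlogic.sigma.connector.ca.tews.tasks.ResetForgottenPasswordTask]"
FAILURE = ("ForgottenPassword failed : : ErrorCode: 0, ErrorFamily: GENERAL, Message: com.idmlogic.sigma.connector\n"
           "BackendMessages: \n"
           "Error: Code: 700, Literal: com.netegrity.ims.exception.IMSException, "
           "Message: The OTP value provided does not match and the retry limit reached., \n")
SAMPLE_LOG = (
    f"2020-03-31 17:36:29,143 {PREFIX} (default task-27) {FAILURE}"
    "2020-03-31 17:36:40,010 INFO [com.example.Other] (default task-3) constructed unrelated line\n"
    f"2020-03-31 17:36:52,871 {PREFIX} (default task-31) {FAILURE}"
    f"2020-03-31 17:37:05,402 {PREFIX} (default task-27) {FAILURE}")
```

To use it on a real log, pass the open file object to parse_records and feed the result to otp_limit_failures. The excerpt carries no user identifier, so the counts are per time window rather than per account.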
