Unable to set Security Question and Answers - "Bad attribute specified"
search cancel

Unable to set Security Question and Answers - "Bad attribute specified"


Article ID: 5087


Updated On:


CA Identity Manager CA Identity Governance CA Identity Portal


Entering the Security Questions and Answers through "Modify My Profile" CA Identity Manager Admin Task fails with error message "Logical Attribute: |Answer4|,|Answer3|,|Answer2|,|Answer1|,|Question5|,|Question4|,|VerifyAnswer|,|Question3|,|Question2|,|Question1|,|VerifyQuestion|,|Answer5|, had error: [facility=6 severity=3 reason=0 status=1 message=Bad attribute specified]."


Identity Manager


Security Questions and Answers logical attributes are handled through the Forgotten Password Handler and stored within the %PASSWORD_HINT% multi-valued attribute.

If the %PASSWORD_HINT% attribute is not defined as a multi-valued string in the User Directory definition, the Handler fails to pass the field values from the logical attributes (|Answer1|,|Question1|,|VerifyAnswer|,|VerifyQuestion|) to the physical attribute (mapped by %PASSWORD_HINT%).


Use CA Identity Manager Management Console to export and modify User Directory definition and ensure the %PASSWORD_HINT% attribute is set as a multi-valued.

For example
        <ImsManagedObjectAttr physicalname="MyAttribute" description="Password Hint" displayname="Password Hint" valuetype="String" multivalued="true" wellknown="%PASSWORD_HINT%" maxlength="0" hidden="true" system="true">
            <DataClassification name="AttributeLevelEncrypt"/>
            <DataClassification name="sensitive"/>

Import User Directory XML and restart IME to ensure changes are reflected correctly.