Encrypting Verification Question/Answer Pairs.

Article ID: 52746

Updated On:

Products

DIRECTORY, CA Identity Manager, CA Identity Governance, CA Identity Portal, CA Risk Analytics, CA Secure Cloud SaaS - Arcot A-OK (WebFort), CLOUDMINDER ADVANCED AUTHENTICATION, CA Secure Cloud SaaS - Advanced Authentication, CA Secure Cloud SaaS - Identity Management, CA Secure Cloud SaaS - Single Sign On, SINGLE SIGN ON - LEGACY, CA Data Protection (DataMinder), CA User Activity Reporting

Issue/Introduction

Description

When a user submits a Challenge/Response question/answer pair, the information is processed by a Logical Attribute Handler (LAH). The LAH takes the data and records it as a string in your repository. The Forgotten Password Logical Attribute Handler can encrypt the question/answer pairs.

Solution

To enable encryption, configure the Forgotten Password Logical Attribute Handler:

  1. Go to the Forgotten Password LAH in the Identity Manager User environment console. Select the System tab > Logical Attributes > Modify Logical Attribute Handlers, then select ForgottenPasswordHandler.
  2. For IM r12: Enter a value for the Encryption Key.

    For previous IM versions:
    1. Define a new parameter at the bottom.
    2. Call it "EncryptionKey" (without the quotes but with the exact case).
    3. Give it any value you desire (the longer the better).
    4. While you are at it, it is also recommended to change the separator from a question mark (?) to something less commonly used in a question, like a pipe (|).

    The separator is the value between the question and the answer. In plain text, the entry would appear like:

    What is your mother's maiden name??Smith

  3. All IM versions: Click "Submit" to update your encryption configuration.


If you put a value into "EncryptionKey", the handler uses that value to mangle the data for both the question and the answer so they cannot be read in clear text.
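
The separator recommendation in the steps above can be checked before you change the handler. The following is an added example, not code from the product: it assumes only the plain-text layout shown above (question + separator + answer), and the function names and sample questions are constructed for illustration. How the handler itself parses the string is not described here.

```python
"""Show why a separator that occurs in a question makes the record ambiguous."""


def interpretations(record, sep):
    """Return every (question, answer) split that the record allows for sep."""
    splits = []
    start = 0
    while (i := record.find(sep, start)) != -1:
        splits.append((record[:i], record[i + len(sep):]))
        start = i + 1
    return splits


def usable_separators(questions, candidates):
    """Keep the candidate separators that occur in none of the questions."""
    return [s for s in candidates if not any(s in q for q in questions)]


def build_record(question, answer, sep):
    """Join one pair, rejecting input that would make the record ambiguous."""
    if sep in question or sep in answer:
        raise ValueError(f"separator {sep!r} occurs in the question or answer")
    return f"{question}{sep}{answer}"


# Constructed sample questions (not taken from any real deployment).
QUESTIONS = [
    "What is your mother's maiden name?",
    "What was your first pet's name?",
]

if __name__ == "__main__":
    # The plain-text entry from the article, stored with "?" as separator.
    for q, a in interpretations("What is your mother's maiden name??Smith", "?"):
        print(f"question={q!r} answer={a!r}")
    # Separators that are safe for the configured questions.
    print(usable_separators(QUESTIONS, ["?", "|", "'"]))
    # With a pipe, the same pair has exactly one reading.
    print(interpretations(build_record(QUESTIONS[0], "Smith", "|"), "|"))
```

Answers are free text, so the same check applies to them at submission time: a user-supplied answer containing the separator makes the record ambiguous as well.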

Environment

Release:
Component: IDMGR