Encrypting Verification Question/Answer Pairs.
Article ID: 52746
Updated On:
Products
CA Directory
CA Identity Manager
CA Identity Governance
CA Identity Portal
CA Risk Analytics
CA Secure Cloud SaaS - Arcot A-OK (WebFort)
CLOUDMINDER ADVANCED AUTHENTICATION
CA Secure Cloud SaaS - Advanced Authentication
CA Secure Cloud SaaS - Identity Management
CA Secure Cloud SaaS - Single Sign On
CA Security Command Center
CA Data Protection (DataMinder)
CA User Activity Reporting
Issue/Introduction
Description
When submitting a Challenge/Response question/answer pair the information is processed by a Logical Attribute Handler (LAH). The LAH takes the data and records it in a string into your repository. The Forgotten Password Logical Attribute Handler can encrypt the question/answer pairs.
Solution
To enable encryption, configure the Forgotten Password Logical Attribute Handler:
- Go to the Forgotten Password LAH in the Identity Manager User environment console. Select the System tab > Logical Attributes > Modify Logical Attribute Handlers Select ForgottenPasswordHandler. For IM r12.
- Enter a value for the Encryption Key,
For previous IM versions: - Define a new parameter at the bottom.
- Call it "EncryptionKey" (without the quotes but with the exact case).
- Give it any value you desire (the longer the better).
- While you are at it, it is also recommended to change the separator from question mark (?) to something less used in a question, like a pipe (|).
- Click "Submit" to update your encryption configuration.
The separator is the value between the question and the answer. The entry if plain text would appear like:
What is your mother's maiden name??Smith
All IM Versions
If you put a value into "EncryptionKey" it will use that value to mangle the data for both the question and answer so they cannot be read in clear text.
Environment
Release:
Component: IDMGR
Component: IDMGR
Feedback
Yes
No
Powered by
