Encrypting Verification Question/Answer Pairs.

Article ID: 52746



CA Directory, CA Identity Manager, CA Identity Governance, CA Identity Portal, CA Risk Analytics, CA Secure Cloud SaaS - Arcot A-OK (WebFort), CLOUDMINDER ADVANCED AUTHENTICATION, CA Secure Cloud SaaS - Advanced Authentication, CA Secure Cloud SaaS - Identity Management, CA Secure Cloud SaaS - Single Sign On, CA Security Command Center, CA Data Protection (DataMinder), CA User Activity Reporting



When a Challenge/Response question/answer pair is submitted, the information is processed by a Logical Attribute Handler (LAH). The LAH takes the data and records it as a string in your repository. The Forgotten Password Logical Attribute Handler can encrypt the question/answer pairs.


To enable encryption, configure the Forgotten Password Logical Attribute Handler:

  1. Go to the Forgotten Password LAH in the Identity Manager User environment console: select the System tab > Logical Attributes > Modify Logical Attribute Handlers, then select ForgottenPasswordHandler.
  2. For IM r12: enter a value for the Encryption Key.

    For previous IM versions:
    1. Define a new parameter at the bottom.
    2. Call it "EncryptionKey" (without the quotes but with the exact case).
    3. Give it any value you desire (the longer the better).
    4. While you are at it, it is also recommended to change the separator from a question mark (?) to something less likely to appear in a question, such as a pipe (|).

    The separator is the value between the question and the answer. Stored as plain text, an entry would appear like:

    What is your mother's maiden name??Smith

  3. For all IM versions: click "Submit" to update your encryption configuration.

If you put a value into "EncryptionKey", the handler uses that value to mangle the data for both the question and the answer so that they cannot be read in clear text.
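
The separator recommendation in the steps above can be checked before changing the setting. The following is an added example, not code from the product or from this article: it assumes only the plain-text record layout shown above (question, separator, answer), does not model how ForgottenPasswordHandler itself parses the string, and uses hypothetical function names and constructed sample pairs.

```python
from __future__ import annotations


def encode(question: str, answer: str, sep: str) -> str:
    """Build the plain-text layout shown above: question + separator + answer."""
    return f"{question}{sep}{answer}"


def candidate_splits(record: str, sep: str) -> list[tuple[str, str]]:
    """Return every (question, answer) reading that the record allows."""
    splits = []
    pos = record.find(sep)
    while pos != -1:
        splits.append((record[:pos], record[pos + len(sep):]))
        pos = record.find(sep, pos + 1)
    return splits


def unsafe_pairs(pairs: list[tuple[str, str]], sep: str) -> list[tuple[str, str]]:
    """Pairs whose stored record has more than one possible reading."""
    return [
        (q, a) for q, a in pairs
        if len(candidate_splits(encode(q, a, sep), sep)) > 1
    ]


# Constructed sample data, not taken from any real repository.
SAMPLE_PAIRS = [
    ("What is your mother's maiden name?", "Smith"),
    ("What was your first pet's name?", "Rex"),
    ("Favourite either|or choice?", "tea"),
]

if __name__ == "__main__":
    for sep in ("?", "|"):
        bad = unsafe_pairs(SAMPLE_PAIRS, sep)
        print(f"separator {sep!r}: {len(bad)} of {len(SAMPLE_PAIRS)} records ambiguous")
        for q, a in bad:
            for reading in candidate_splits(encode(q, a, sep), sep):
                print("   ", reading)
```

Running the same audit over the questions actually offered to users shows whether a candidate separator already appears in any of them.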


Component: IDMGR