• Find us:
    +1-669-900-5138   |   +44-203-372-5553
  • Free Newsletter

    Get Latest Updates

  • Make Training Enquiry


  • Categories

  • Archive

  • OIM 11g Challenge Questions (PCQ) for forgot password

    Posted by "" in "OIM" on 2011-12-27


    When user login to OIM for first time, they are asked to set response to challenge questions. These challenge question and response are used, if user forgets his/her password and try to reset them via forgot password link. This post covers overview of challenge question and adding/managing additional questions.

    1. To configure challenge questions , use OIM design Console (more on OIM design console here and  here)

    a) Navigate to Administration -> Lookup Definition

    b) Search for Lookup Code Lookup.WebClient.Questions

    c) Click on Add/Delete button to add or delete challenge questions


    2. OIM challenge question and response are governed by following System Properties that are accessible from OIM Advanced Administration Console using  Advanced -> System Management (tab) -> System Configuration



    a) OIM.DisableChallengeQuestions (default value FALSE) : determines if challenge questions are enabled or disabled. Set this value to TRUE (i.e. disable challenge questions in OIM), if OIM is integrated with OAAM (Adaptive Access Manager) so that challenge questions are set by OIM.

    b) PCQ.PROVIDE_DURING_SELFREG (default value TRUE) : determines if user has to provide challenge information during self registration.

    c) XL.IsDupResponseAllowed (default value FALSE) : determines if duplicate answer to challenge questions are allowed or not. If set to TRUE, users are allowed to select same answer to different challenge questions.

    d) XL.ResponseMinLength (default value 0) : determines minimum length of response required for challenge question.

    e) PCQ.NO_OF_CORRECT_ANSWERS (default value 3) : determines number of questions , user must answer correctly to reset user password.

    f) OIM.ChallengeQuestionsModificationURL (default value NONE) : determines challenge question URL when OIM.DisableChallengeQuestions is set to TRUE. Typically used in OIM integration with OAAM

    g) PCQ.USE_DEF_QUES (default value TRUE) : determines if user must select questions from pre-defined list, or if users are required to provide their own questions.

    Note: If you wish to give option to users to set their own questions then you will have to customise OIM user interface and then set PCQ.USE_DEF_QUES to FALSE

    h) PCQ.FORCE_SET_QUES (default value TRUE) : determines if user is forced to set challenge question/response at start-up. If value is set to FALSE then Skip challenge questions or Remind Later is displayed.


    i) PCQ.NO_OF_QUES (default value 3) : determines Number of challenge questions that must be completed by user.


    3. User challenge question and responses are stored in table PCQ of OIM schema where USR_KEY is column which links to USR_KEY in USR (USER details) table .


    Related Posts for Identity Manager

    1. Oracle Identity Manager (User Provisioning – Thor)
    2. Installing Oracle Identity Manager (Thor Xellerate)
    3. Oracle Identity Manager 9.1 released
    4. Oracle Identity Manager (Thor Xellerate) Architecture
    5. Resource, Reconciliation, Provisioning and Connector in Oracle Identity Manager #OIM
    6. Oracle Identity Manager (OIM) Connector for Oracle Internet Directory (OID) : Architecture and Overview
    7. Step by Step Installation of OIM Design Console 9.1.0
    8. Error while running PurgeCache in OIM 11g : LoginException unable to find LoginModule class : WebLogic Full Clinet
    9. Integrate OIM 11g with OID using connector for Provisioning / Reconcilliation – Installation
    10. PurgeCache in OIM 11g : CategoryName
    11. OIM LDAP Sync : Overview and Key Points
    12. OIM 11g : How to export/import/delete Files from MDS
    13. Where are OAM details stored in OIM (account unlock, password reset)
    14. libOVD adapters in OIM LDAP Integration : LDAPsync – view and modify Adapter settings (bindDN and bindPassword)
    15. Error Starting OIM Design Console (xlclient.sh) on Linux java.lang. NoClassDefFoundError
    16. OIM 11g Challenge Questions (PCQ) for forgot password
    17. Oracle EBS Integration with OIM (Identity Manager) : Things you should know
    18. Users not synced from OID to OIM : Debug Scheduled Job
    19. OIM Connector for Microsoft : AD, Exchange, Windows, Password Management
    20. Connector Server for OIM connectors : .NET or JAVA
    21. OIM 11g Challenge Questions – Everything you must know
    22. OIM 11g How to add Challenge Questions
    23. OIM : Assign AD resource : An error occurred because the Adapters are not compiled : How to compile adapters in OIM
    24. OIM User Creation : An Error occurred while performing create user operation. Unable to get LDAP connection
    25. OIM – AD integration : Active Directory Group Lookup Recon failed with error Remote Framework Key is invalid
    26. Microsoft Active Directory (AD) to Oracle Identity Manager (OIM) Password Synchronization: Things you must know : Part I
    27. Provision resource “Microsoft Exchange” to user in OIM : Status remains in Provisioning : Part I
    28. Target Resource (or Managed Resource) vs Trusted Source (or Authoritative Source) Mode : OIM integration with applications (AD, OID, OVD, EBS, SAP, HR, LDAP)
    29. 500 Internal server accessing OIM application : com.bea. security.MicroSM. getInstance oracle.iam. platform. authz.impl
    30. Your account is locked. You can unlock your account by going to Forgot Password
    31. OIM 11g : How to find User and Manager details : USR table
    32. OIM 11g : User Detail/Attribute (Description) not visible in OIM User screen : EBS / OID / OIM integration
    33. OIM 11g: The add proxy operation for user XXXXX failed with following error oracle. bpel. services. workflow. client. workflowservieclientException javax.xml.ws.WebServiceException could not determine wsdl ports
    34. Oracle Identity Manager BP07 for 11gR1 PS1 (16097399) is now available – (Part of Identity Management SUite BP03 16209876)
    35. OIM 11g : SQL to List User’s Manager
    36. OIM integrated with OAM (SSO) showing OIM login screen : User Soft Locked
    37. OIM 11g: Beware if you are applying WebLogic patch !
    38. Help Me : Microsoft Active Directory Password Sync version and latest patch for Oracle Identity Manager
    39. Upgrade OIM connector for Microsoft Exchange to Part I
    40. OIM Administrators : Is your OIM database Growing ? Do you purge enough ?
    41. EBS Integration with OIM : Employee Reconciliation : NumberFormatException: “BUSINESS_GROUP_ID”
    42. OIM EBS User Management : eBusiness UM Lookup Definition Reconciliation failed with Invalid Schedule Task Parameter

    6 Responses to “OIM 11g Challenge Questions (PCQ) for forgot password”

    1. IAM Consultant says:

      Hi Atul

      Have you tried the following OIM 11g:

      c) Click on Add/Delete button to add or delete challenge questions

      As far as I know, this shouldn’t work as per OIM 11g design.

    2. Atul Kumar says:

      @ IAM Consultant,
      Yes I tried adding few questions and I could see new challenge question.

      Could you please share documentation which says this should not work ?

    3. sinraj72 says:

      Hi Atul,

      I am not sure whether this is righ thread or not, but wanted to know is there any mechnaism available whereby “Forgot Password” option can be used with OAM 11g without using OIM 11g? Is there any feature available in OID to use “Forgot passowrd” option to a certain extent?

      A prompt reply will support me a lot

      • Atul Kumar says:

        As mentioned in reply to other comment, I am not aware of configuring Forgot Password without using OIM 11g or any other IDM product (or custom application). You can use ODSM to reset password (only if you have an existing password)

    4. NC says:

      Hi Atul,

      I wanted to know if we can put rules on challenge questions. For e.g question is my favourite color, answer should not be “color”. How can we implemement such rules?

      Thanks for your help!

    5. […] in October 16th, 2012 byAtul Kumar in OIM I discussed about challenge questions in OIM here , In this post I am going to cover everything you must know about challenge questions in […]

    Leave a Reply

  • K21 Technologies is among the most experienced Oracle Gold Partner for Identity Access Management service providers. We work with application development companies and in-house technology division to help achieve significant returns on their IT security investment. Our clientele includes some of the globally renowned corporate, which speaks of our expertise in our field.

    We have the most talented and experienced team that can swiftly deploy security solutions even in complex IT ecosystem. Our clients highly appreciate our timely implementation, interactive training, on-demand support and community resources.

    K21 Technologies
    8 Magnolia Place, Harrow,
    London, HA2 6DS

    UK: +44(0)7476444481
    USA: +1-888-414-1821

  • 2014, K21 Technologies. All rights reserved DMCA.com
  • TOP