• Find us:
    +1-669-900-5138   |   +44-203-372-5553
  • Free Newsletter

    Get Latest Updates

  • Make Training Enquiry


  • Categories

  • Archive

  • OIM 11g How to add Challenge Questions

    Posted by "" in "OIM" on 2012-10-20

    Share on FacebookTweet about this on TwitterShare on Google+Share on LinkedInEmail this to someone

    Oracle Identity Manager (OIM) 11g by default comes with 4 challenge questions and user must set three challenge questions during first time login . These challenge questions are used to authenticate user in forgot password use case.

    • You can also integrate OIM with OAAM to delegate challenge questions to OAAM
    • For more on OIM challenge questions click here and here

    In this post I am going to cover how to add additional challenge questions in OIM


    High Level Steps to Add additional challenge questions in OIM are

    1. Add Challenge Questions in Lookup Definition Lookup.WebClient.Questions via OIM Design Console. More on Design Console in OIM 11g here and Design Console version 9/10 here

    2. Configure Localisation by adding questions in $ORACLE_HOME/server/customResources - customResources.properties and customResources_en.properties (If you have additional languages configured then add questions in customResources_[lang].properties )

    For example if you add question with code key “What is your favourite website?” and Decode “What is your favourite website?” then you must update file customResources.properties and customResources_en.properties with entry like below (replace any space in code key with -)

    global.Lookup.WebClient.Questions.What-is-your-favourite-website?=What is your favourite website?

    Note: If you have OIM installed on multiple machines for high availability then update these files on all OIM machines.

    3. Test newly added challenge question by creating a new user and login using new user in OIM. Ensure that user can see new challenge questions



    If you see login page hangs after authentication for new user and if you see errors like below in OIM log file then ensure that there is no typo in customResources_en.properties file


    [2012-10-17T10:21:49.052+01:00] [WLS_OIM1] [NOTIFICATION] [IAM-3050013] [oracle.iam.identity.usermgmt.impl] [tid: [ACTIVE].ExecuteThread: ’19’ for queue: ‘weblogic.kernel.Default (self-tuning)’] [userId: atul2012] [ecid: 004n3rDo43j7u105Nzk3ye00008w000^yV,0:1] [APP: oim#] [URI: /admin/faces/pages/pwdmgmt.jspx] Searching for users with the specified criteria.

    [2012-10-17T10:21:49.647+01:00] [WLS_OIM2] [WARNING] [] [oracle.iam.ChangePasswordtaskflow.logging] [tid: [ACTIVE].ExecuteThread: ‘4’ for queue: ‘weblogic.kernel.Default (self-tuning)’] [userId: atul2012] [ecid: 004n3rDqEB87u105Nzk3ye00008w000^yX,0:1] [APP: oim#] [URI: /admin/faces/pages/pwdmgmt.jspx] User atul2012‘s challenge questions not set

    [2012-10-17T10:21:49.676+01:00] [WLS_OIM1] [ERROR] [] [XELLERATE.ACCOUNTMANAGEMENT] [tid: [ACTIVE].ExecuteThread: ‘4’ for queue: ‘weblogic.kernel.Default (self-tuning)’] [userId: atul2012] [ecid: 004n3rDqEB87u105Nzk3ye00008w000^yX,0:1] [APP: oim#] [URI: /admin/faces/pages/pwdmgmt.jspx] Class/Method: tcUserOperationsBean/getChallengeValuesForSelfData encounter some problems: no questions found for ‘407’.

    [2012-10-17T10:21:49.683+01:00] [WLS_OIM1] [WARNING] [] [oracle.iam.ChangePasswordtaskflow.logging] [tid: [ACTIVE].ExecuteThread: ‘4’ for queue: ‘weblogic.kernel.Default (self-tuning)’] [userId: atul2012] [ecid: 004n3rDqEB87u105Nzk3ye00008w000^yX,0:1] [APP: oim#] [URI: /admin/faces/pages/pwdmgmt.jspx] Could not get challenges for logged in User

    [2012-10-17T10:21:49.766+01:00] [WLS_OIM1] [NOTIFICATION] [] [oracle.iam.passwordmgmt.impl] [tid: [ACTIVE].ExecuteThread: ‘4’ for queue: ‘weblogic.kernel.Default (self-tuning)’] [userId: atul2012] [ecid: 004n3rDqEB87u105Nzk3ye00008w000^yX,0:1] [APP: oim#] [URI: /admin/faces/pages/pwdmgmt.jspx] Cannot find resource for bundle  oracle.iam.platform.utils.OIMCustomResourceBundle@17bfca48, global.Lookup.WebClient.Questions.What-is-the-name-of-your-pet? global.Lookup.WebClient.Questions.What-is-the-name-of-your-pet?


    [2012-10-17T10:21:50.804+01:00] [WLS_OIM1] [NOTIFICATION] [J2EE JSP-00008] [oracle.j2ee.jsp] [tid: [ACTIVE].ExecuteThread: ‘4’ for queue: ‘weblogic.kernel.Default (self-tuning)’] [userId: atul2012] [ecid: 004n3rDqEB87u105Nzk3ye00008w000^yX,0:1] [APP: oim#] [URI: /admin/faces/pages/pwdmgmt.jspx] unable to dispatch JSP page: The following exception occurred:.[[

    javax.faces.FacesException: javax.faces.FacesException: oracle.adf.controller.ControllerException: ADFC-10001: cannot instantiate class ‘oracle.iam.ChangePasswordtaskflow.backing.taskflows.ChangePasswordView’

            at com.sun.faces.application.ApplicationImpl.createComponent(ApplicationImpl.java:261)

            at javax.faces.webapp.UIComponentELTag.createComponent(UIComponentELTag.java:222)

            at javax.faces.webapp.UIComponentClassicTagBase.createChild(UIComponentClassicTagBase.java:513)

            at javax.faces.webapp.UIComponentClassicTagBase.findComp



    Caused by: javax.faces.FacesException: oracle.adf.controller.ControllerException: ADFC-10001: cannot instantiate class ‘oracle.iam.ChangePasswordtaskflow.backing.taskflows.ChangePasswordView’

            at oracle.adfinternal.controller.util.Utils.createAndLogFacesException(Utils.java:192)

            at oracle.adfinternal.controller.beans.ManagedBeanFactory.newInstance(ManagedBeanFactory.java:192)

            at oracle.adfinternal.controller.beans.ManagedBeanFactory.instantiateBean(ManagedBeanFactory.java:873)



    Caused by: java.util.MissingResourceException: Can’t find resource for bundle java.util.PropertyResourceBundle, key global.Lookup.WebClient.Questions.What-was-your-favorite-cartoon-charater-as-a-child?

            at java.util.ResourceBundle.getObject(ResourceBundle.java:374)



    [2012-10-17T10:21:50.814+01:00] [WLS_OIM1] [WARNING] [] [oracle.adfinternal.view.faces.lifecycle.LifecycleImpl] [tid: [ACTIVE].ExecuteThread: ‘4’ for queue: ‘weblogic.kernel.Default (self-tuning)’] [userId: atul2012] [ecid: 004n3rDqEB87u105Nzk3ye00008w000^yX,0:1] [APP: oim#] [URI: /admin/faces/pages/pwdmgmt.jspx] ADF_FACES-60098:Faces lifecycle receives unhandled exceptions in phase RENDER_RESPONSE 6[[

    javax.faces.FacesException: javax.servlet.ServletException: OracleJSP error:

    javax.faces.FacesException: javax.faces.FacesException: oracle.adf.controller.ControllerException: ADFC-10001: cannot instantiate class ‘oracle.iam.ChangePasswordtaskflow.backing.taskflows.ChangePasswordView’

            at com.sun.faces.context.ExternalContextImpl.dispatch(ExternalContextImpl.java:415)


    Ensure that there are no typos in customResources_en.properties file and also entry matches with one in lookup definition.







    Related Posts for Identity Manager

    1. Oracle Identity Manager (User Provisioning – Thor)
    2. Installing Oracle Identity Manager (Thor Xellerate)
    3. Oracle Identity Manager 9.1 released
    4. Oracle Identity Manager (Thor Xellerate) Architecture
    5. Resource, Reconciliation, Provisioning and Connector in Oracle Identity Manager #OIM
    6. Oracle Identity Manager (OIM) Connector for Oracle Internet Directory (OID) : Architecture and Overview
    7. Step by Step Installation of OIM Design Console 9.1.0
    8. Error while running PurgeCache in OIM 11g : LoginException unable to find LoginModule class : WebLogic Full Clinet
    9. Integrate OIM 11g with OID using connector for Provisioning / Reconcilliation – Installation
    10. PurgeCache in OIM 11g : CategoryName
    11. OIM LDAP Sync : Overview and Key Points
    12. OIM 11g : How to export/import/delete Files from MDS
    13. Where are OAM details stored in OIM (account unlock, password reset)
    14. libOVD adapters in OIM LDAP Integration : LDAPsync – view and modify Adapter settings (bindDN and bindPassword)
    15. Error Starting OIM Design Console (xlclient.sh) on Linux java.lang. NoClassDefFoundError
    16. OIM 11g Challenge Questions (PCQ) for forgot password
    17. Oracle EBS Integration with OIM (Identity Manager) : Things you should know
    18. Users not synced from OID to OIM : Debug Scheduled Job
    19. OIM Connector for Microsoft : AD, Exchange, Windows, Password Management
    20. Connector Server for OIM connectors : .NET or JAVA
    21. OIM 11g Challenge Questions – Everything you must know
    22. OIM 11g How to add Challenge Questions
    23. OIM : Assign AD resource : An error occurred because the Adapters are not compiled : How to compile adapters in OIM
    24. OIM User Creation : An Error occurred while performing create user operation. Unable to get LDAP connection
    25. OIM – AD integration : Active Directory Group Lookup Recon failed with error Remote Framework Key is invalid
    26. Microsoft Active Directory (AD) to Oracle Identity Manager (OIM) Password Synchronization: Things you must know : Part I
    27. Provision resource “Microsoft Exchange” to user in OIM : Status remains in Provisioning : Part I
    28. Target Resource (or Managed Resource) vs Trusted Source (or Authoritative Source) Mode : OIM integration with applications (AD, OID, OVD, EBS, SAP, HR, LDAP)
    29. 500 Internal server accessing OIM application : com.bea. security.MicroSM. getInstance oracle.iam. platform. authz.impl
    30. Your account is locked. You can unlock your account by going to Forgot Password
    31. OIM 11g : How to find User and Manager details : USR table
    32. OIM 11g : User Detail/Attribute (Description) not visible in OIM User screen : EBS / OID / OIM integration
    33. OIM 11g: The add proxy operation for user XXXXX failed with following error oracle. bpel. services. workflow. client. workflowservieclientException javax.xml.ws.WebServiceException could not determine wsdl ports
    34. Oracle Identity Manager BP07 for 11gR1 PS1 (16097399) is now available – (Part of Identity Management SUite BP03 16209876)
    35. OIM 11g : SQL to List User’s Manager
    36. OIM integrated with OAM (SSO) showing OIM login screen : User Soft Locked
    37. OIM 11g: Beware if you are applying WebLogic patch !
    38. Help Me : Microsoft Active Directory Password Sync version and latest patch for Oracle Identity Manager
    39. Upgrade OIM connector for Microsoft Exchange to Part I
    40. OIM Administrators : Is your OIM database Growing ? Do you purge enough ?
    41. EBS Integration with OIM : Employee Reconciliation : NumberFormatException: “BUSINESS_GROUP_ID”
    42. OIM EBS User Management : eBusiness UM Lookup Definition Reconciliation failed with Invalid Schedule Task Parameter

    5 Responses to “OIM 11g How to add Challenge Questions”

    1. anand says:

      Hi atul,

      We have done with OIM and OAM integration OIM page is getting protected but the issue we got here ,when we try to access identity ,it is redirecting to OAM page fine but on OAM page we cant see the(New User registration,forgot password/forgot user login,Track my registration)

      Please help me out with this issue.

    2. Atul Kumar says:

      @ Anand,

      It looks like during OIM-OAM integration, OAM was not updated (check admin server log file for OAM for issue)

      You must look at
      http://onlineappsdba.com/index.php/2012/09/18/forgot-password-link-on-oam-login-page/ and then check file $DOMAIN_HOME/config/fmwconfig/oam-config.xml

      Do not edit oam-config.xml while OAM or Admin server is running (shut them down first, make backup and then edit file)

    3. anand says:

      Hi Atul,

      It worked absolutely fine.Thanks for your help and support.

    4. PeterZ says:

      So if I have a cluster of OIM servers (WLS_OIM1 and WLS_OIM2) do I make change to customResources_en.properties file on both servers or just on the machine where Admin server is running?

    Leave a Reply

  • K21 Technologies is among the most experienced Oracle Gold Partner for Identity Access Management service providers. We work with application development companies and in-house technology division to help achieve significant returns on their IT security investment. Our clientele includes some of the globally renowned corporate, which speaks of our expertise in our field.

    We have the most talented and experienced team that can swiftly deploy security solutions even in complex IT ecosystem. Our clients highly appreciate our timely implementation, interactive training, on-demand support and community resources.

    K21 Technologies
    8 Magnolia Place, Harrow,
    London, HA2 6DS

    UK: +44(0)7476444481
    USA: +1-888-414-1821

  • 2014, K21 Technologies. All rights reserved DMCA.com
  • TOP