vandepitte Absent Member.

NMAS Challenge/Response API

Hi,

I'm trying out the source code
(http://www.novell.com/developer/ndk/novell_modular_authentication_service.html)
for setting the challenge and response of a user. Unfortunately it
doesn't work: when calling the forgotten password for that user in the
user app, an error appears ("Answers to challenge response questions
have not been set, or cannot be read at this time.") instead of a
challenge. A password policy (with "Enable Forgotten Password" and
"Allow user to reset password (Requires challenge set and Universal
Password options)" enabled) is set and assigned to the user, so this
should not be the problem.

---
Sample Code (adapted to my environment)
---
import java.io.InputStream;
import java.io.StringWriter;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import org.apache.commons.io.IOUtils;
import com.novell.security.nmas.mgmt.NMASChallengeResponseMgr;

// Setup password manager: bind to the directory as an administrator over SSL
Hashtable<String, String> env = new Hashtable<String, String>();
env.put(Context.SECURITY_PROTOCOL, "ssl");
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, "ldap://my.idv");
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_PRINCIPAL, "cn=admin,dc=admins,dc=system");
env.put(Context.SECURITY_CREDENTIALS, "somepassword");
LdapContext context = new InitialLdapContext(env, null);
NMASChallengeResponseMgr crmgr = new NMASChallengeResponseMgr(context);

// read challenge (this fragment runs inside an instance method)
InputStream in = this.getClass().getResourceAsStream("/challenges.xml");
StringWriter writer = new StringWriter();
IOUtils.copy(in, writer);
String challenge = writer.toString();

// write challenge questions
String userDN = "cn=user01,dc=accounts,dc=data";
crmgr.setChallengeQuestions(userDN, challenge);

// write response: one answer per question, matched by array position
crmgr.setChallengeResponses(userDN,
        new String[] {"Enter Activation Code"},
        new String[] {"activationcode"});
---

challenges.xml is a file located in my classpath, IOUtils is a utility
class from commons-io

---
challenges.xml
---
<Challenges RandomQuestions="1" GUID="123456">
<Challenge Define="Admin" Type="Required" MinLength="2"
MaxLength="20">Enter Activation Code</Challenge>
</Challenges>
---

The code runs without exceptions and these attributes were added to the
user after executing the sample code:

---
sASLoginConfiguration::
sASLoginConfigurationKey::
sASLoginSecret::
sASLoginSecretKey::
---

The sample code on the website is rather old and perhaps outdated? The
version of the user app I'm currently working on is
Identity Manager Roles Based Provisioning Module Version 4.0.0 Build
Revision 36902

Best regards

Pieter
0 Likes
TE Super Contributor.

Re: NMAS Challenge/Response API




Did the user log in to User App and answer their Challenge questions
yet? If not, then that is what you'll see. The Challenge Set questions
must be answered before you can use them. You can check the user object
via an LDAP browser (Apache Directory Studio). I forget the attribute
names, offhand, but they will be present and populated if the user
answers the challenge set. If they do have the attributes, then UA is
not recognizing them for some reason. The attributes will have the
questions and answers in them, questions in clear text, answers
encrypted.

You might also look into updates on UA, I think they are up to 4.0.1.


--
tse7147

0 Likes
Knowledge Partner

Re: NMAS Challenge/Response API

> Did the user login to User App and answer their Challenge questions
> yet? If not, then that is what you'll see. The Challenge Set questions
> must be answered before you can use them. You can check the user object
> via an LDAP browser (Apache Directory Studio). I forget the attribute
> names, offhand, but they will be present and populated if the user


sasLoginConfiguration* (there are four possible attrs involved, two have
the rest of the name + Key).

0 Likes
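
The check suggested in the two replies above (look at the user object and see whether the four sASLogin* attributes are present and populated), as an added example that is not code from the thread or from the NMAS SDK. The class name, helper names and the sample bytes in `main` are constructed for illustration, and the string scan assumes that any readable text inside a value is stored as UTF-16LE.

```java
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.DirContext;

public class SasLoginAttributeCheck {
    // The four attribute names that appear in this thread.
    static final String[] SAS_ATTRS = {
        "sASLoginConfiguration", "sASLoginConfigurationKey",
        "sASLoginSecret", "sASLoginSecretKey"
    };

    /**
     * Live lookup: request only the four attributes of one user entry.
     * List the names in the "java.naming.ldap.attributes.binary" environment
     * property of the context so that JNDI returns the values as byte[].
     */
    static Attributes fetch(DirContext ctx, String userDn) throws NamingException {
        return ctx.getAttributes(userDn, SAS_ATTRS);
    }

    /** Attribute name -> size of its first value, 0 when absent or empty. */
    static Map<String, Integer> valueSizes(Attributes attrs) throws NamingException {
        Map<String, Integer> sizes = new LinkedHashMap<>();
        for (String name : SAS_ATTRS) {
            Attribute a = attrs.get(name);
            Object v = (a == null || a.size() == 0) ? null : a.get();
            sizes.put(name, v instanceof byte[] ? ((byte[]) v).length
                    : v == null ? 0 : v.toString().length());
        }
        return sizes;
    }

    /** Runs of at least minLen printable ASCII characters encoded as UTF-16LE. */
    static List<String> utf16Strings(byte[] data, int minLen) {
        List<String> found = new ArrayList<>();
        StringBuilder run = new StringBuilder();
        int i = 0;
        while (i < data.length) {
            boolean printable = i + 1 < data.length && data[i + 1] == 0
                    && data[i] >= 0x20 && data[i] <= 0x7E;
            if (printable) {
                run.append((char) data[i]);
                i += 2;                       // consume one UTF-16LE code unit
            } else {
                if (run.length() >= minLen) found.add(run.toString());
                run.setLength(0);
                i += 1;                       // resync at the next byte
            }
        }
        if (run.length() >= minLen) found.add(run.toString());
        return found;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample value: opaque header, readable question text,
        // opaque trailing bytes standing in for the encrypted part.
        ByteArrayOutputStream secret = new ByteArrayOutputStream();
        secret.write(new byte[] {0x01, 0x02, 0x03, 0x04});
        secret.write("Enter Activation Code".getBytes(StandardCharsets.UTF_16LE));
        secret.write(new byte[] {(byte) 0xE2, (byte) 0xD9, (byte) 0xB9, 0x2D});

        // Constructed user entry with only two of the four attributes set.
        Attributes user = new BasicAttributes(true);
        user.put("sASLoginSecret", secret.toByteArray());
        user.put("sASLoginSecretKey", new byte[] {0x30, (byte) 0x81, (byte) 0xCB});

        for (Map.Entry<String, Integer> e : valueSizes(user).entrySet()) {
            String state = e.getValue() == 0 ? "MISSING" : e.getValue() + " bytes";
            System.out.println(e.getKey() + ": " + state);
        }
        // Only sizes and readable text are printed, never the raw values.
        System.out.println("readable text in sASLoginSecret: "
                + utf16Strings(secret.toByteArray(), 4));
    }
}
```

Against a real directory, pass the result of `fetch(context, userDN)` to `valueSizes` instead of the constructed entry.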
vandepitte Absent Member.

Re: NMAS Challenge/Response API

Thanks for your answer,

So, if I understand you well, this means I cannot set the _responses_ of
the challenge with the NMAS APIs? What does the api call
setChallengeResponses do?
(http://developer.novell.com/documentation/nmas/nmas_enu/api/com/novell/security/nmas/mgmt/NMASChallengeResponseMgr.html#setChallengeResponses%28java.lang.String,%20java.lang.String[],%20java.lang.String[]%29)

Kind regards

Pieter



0 Likes
vandepitte Absent Member.

Re: NMAS Challenge/Response API

Thanks for your answer,

So this means I cannot set the _responses_ of the challenge with the
NMAS APIs? What does the api call setChallengeResponses do?
(http://developer.novell.com/documentation/nmas/nmas_enu/api/com/novell/security/nmas/mgmt/NMASChallengeResponseMgr.html#setChallengeResponses%28java.lang.String,%20java.lang.String[],%20java.lang.String[]%29)

Kind regards

Pieter



0 Likes
jwilleke Honored Contributor.
Honored Contributor.

Re: NMAS Challenge/Response API

Of course you can set the responses to the challenges.

We have done several custom implementations using the poorly documented APIs.

http://ldapwiki.willeke.com/wiki/NSPM%20Setting%20Challenge%20Answers






--

Thank You for your help!

-jim
Jim Willeke

0 Likes