Anonymous_User Absent Member.
Absent Member.
931 views

Disable challenge questions

Hello,


I am trying to set up SSPR *without* the forgotten-password feature. I
went through everything I could find in the SSPR configuration, as well
as disabling the forgotten password feature in the applicable password
policy. I no longer get the 'forgot password' link in the login page,
but I still get prompted to answer challenge questions when I log in for
the first time. Does anyone know the secret to turning off the
challenge question prompt?

SSPR version 4.3
eDirectory version 8.8.8 SP11


Thanks


0 Likes
8 Replies
Knowledge Partner
Knowledge Partner

Re: Disable challenge questions

On 7/27/2018 2:37 PM, 6423241 wrote:
> Hello,
>
>
> I am trying to set up SSPR *without* the forgotten-password feature. I
> went through everything I could find in the SSPR configuration, as well
> as disabling the forgotten password feature in the applicable password
> policy. I no longer get the 'forgot password' link in the login page,
> but I still get prompted to answer challenge questions when I log in for
> the first time.  Does anyone know the secret to turning off the
> challenge question prompt?


There is a setting where on login you are required to fill in the C/R
questions. Do not have a system handy to query the settings for it.

It is in the challenge Response area.

The thing about SSPR to remember is that the settings are divided
logically but parts interact.

So Forgotten Password can use either C/R, Token, which itself can use
either email or SMS.

So to set SMS token for forgotten password, you configure SMS to talk to
the endpoint to send messages. Youc onfigure Token to define the length
and contents of the token. You configure Fogot Password and tell it to
use C/R.

So it gets confusing at times. In this case I am pretty sure it is near
the C/R settings.


0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Disable challenge questions

On Fri, 27 Jul 2018 18:37:11 +0000, 6423241 wrote:

> Hello,
>
>
> I am trying to set up SSPR *without* the forgotten-password feature. I
> went through everything I could find in the SSPR configuration, as well
> as disabling the forgotten password feature in the applicable password
> policy. I no longer get the 'forgot password' link in the login page,
> but I still get prompted to answer challenge questions when I log in for
> the first time. Does anyone know the secret to turning off the
> challenge question prompt?
>
> SSPR version 4.3 eDirectory version 8.8.8 SP11
>
>
> Thanks


It's under Modules -> Authenticated -> Setup Security Questions

Set "Force Response Setup" to disabled (enabled by default)
0 Likes
Knowledge Partner
Knowledge Partner

Re: Disable challenge questions

On 7/31/2018 4:05 PM, Mike Busse wrote:
> On Fri, 27 Jul 2018 18:37:11 +0000, 6423241 wrote:
>
>> Hello,
>>
>>
>> I am trying to set up SSPR *without* the forgotten-password feature. I
>> went through everything I could find in the SSPR configuration, as well
>> as disabling the forgotten password feature in the applicable password
>> policy. I no longer get the 'forgot password' link in the login page,
>> but I still get prompted to answer challenge questions when I log in for
>> the first time. Does anyone know the secret to turning off the
>> challenge question prompt?
>>
>> SSPR version 4.3 eDirectory version 8.8.8 SP11
>>
>>
>> Thanks

>
> It's under Modules -> Authenticated -> Setup Security Questions
>
> Set "Force Response Setup" to disabled (enabled by default)


The thing I always forget, that saves the day, is that there is a search
button inside the Admin settings tool. You have to search to find some
times since it may be logically placed, but the logic is not the logic
you would necessarily use.

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Disable challenge questions

Mike Busse,

>> I am trying to set up SSPR *without* the forgotten-password feature. I
>> went through everything I could find in the SSPR configuration, as well
>> as disabling the forgotten password feature in the applicable password
>> policy. I no longer get the 'forgot password' link in the login page,
>> but I still get prompted to answer challenge questions when I log in for
>> the first time. Does anyone know the secret to turning off the
>> challenge question prompt?
>>
>>
>> Thanks

>
> It's under Modules -> Authenticated -> Setup Security Questions
>
> Set "Force Response Setup" to disabled (enabled by default)
>

Thanks. That makes things a bit cleaner.

In a perfect world, I could configure SSPR to force one group of users
to set up challenge responses & enable the forgotten-password feature,
while a different user group doesn't get either one, but I'll take what
I can get.



0 Likes
Knowledge Partner
Knowledge Partner

Re: Disable challenge questions

6423241;2485044 wrote:
Mike Busse,

>> I am trying to set up SSPR *without* the forgotten-password feature. I
>> went through everything I could find in the SSPR configuration, as well
>> as disabling the forgotten password feature in the applicable password
>> policy. I no longer get the 'forgot password' link in the login page,
>> but I still get prompted to answer challenge questions when I log in for
>> the first time. Does anyone know the secret to turning off the
>> challenge question prompt?
>>
>>
>> Thanks

>
> It's under Modules -> Authenticated -> Setup Security Questions
>
> Set "Force Response Setup" to disabled (enabled by default)
>

Thanks. That makes things a bit cleaner.

In a perfect world, I could configure SSPR to force one group of users
to set up challenge responses & enable the forgotten-password feature,
while a different user group doesn't get either one, but I'll take what
I can get.



Yes,

this is one area where the SSPR is lacking the "scope" feature.
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Disable challenge questions

On Wed, 01 Aug 2018 19:17:23 +0000, 6423241 wrote:

> Mike Busse,
>
>>> I am trying to set up SSPR *without* the forgotten-password feature. I
>>> went through everything I could find in the SSPR configuration, as
>>> well as disabling the forgotten password feature in the applicable
>>> password policy. I no longer get the 'forgot password' link in the
>>> login page, but I still get prompted to answer challenge questions
>>> when I log in for the first time. Does anyone know the secret to
>>> turning off the challenge question prompt?
>>>
>>>
>>> Thanks

>>
>> It's under Modules -> Authenticated -> Setup Security Questions
>>
>> Set "Force Response Setup" to disabled (enabled by default)
>>

> Thanks. That makes things a bit cleaner.
>
> In a perfect world, I could configure SSPR to force one group of users
> to set up challenge responses & enable the forgotten-password feature,
> while a different user group doesn't get either one, but I'll take what
> I can get.


I've not tried it, but in the "Setup Security Questions" module, there is
a scoping section called "Save Challenge Permission". The description for
this is:

"Specify the permissions used to determine if you permits the users to
configure challenges. This LDAP query must return the user or else SSPR
does not permit the user to configure challenges."

Sounds like you could enable the module and scope your required users with
an LDAP query that would force that subset of users to setup the security
questions. Those that don't meet the query would not be required to set
them up.
0 Likes
Knowledge Partner
Knowledge Partner

Re: Disable challenge questions

Mike Busse wrote:

> Sounds like you could enable the module and scope your required users
> with an LDAP query that would force that subset of users to setup the
> security questions. Those that don't meet the query would not be
> required to set them up.


When I saw that, I understood it to mean that with an LDAP query you
could permit that subset of users to setup their own security
questions. Those that don't meet the query would be required use the
ones the admin set up.

--
Kevin Boyle - Knowledge Partner
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below this post.
Thank you.
_____
Kevin Boyle - Knowledge Partner - Calgary, Alberta, Canada
Who are the Knowledge Partners?
If you appreciate my comments, please click the Like button.
If I have resolved your issue, please click the Accept as Solution button.
0 Likes
Micro Focus Contributor
Micro Focus Contributor

Re: Disable challenge questions

In the config editor, disable:

Modules ⇨ Authenticated ⇨ Setup Security Questions ⇨ Force Response Setup


6423241;2484830 wrote:
Hello,


I am trying to set up SSPR *without* the forgotten-password feature. I
went through everything I could find in the SSPR configuration, as well
as disabling the forgotten password feature in the applicable password
policy. I no longer get the 'forgot password' link in the login page,
but I still get prompted to answer challenge questions when I log in for
the first time. Does anyone know the secret to turning off the
challenge question prompt?

SSPR version 4.3
eDirectory version 8.8.8 SP11


Thanks
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.