IDM 7.3.0

KBA security answer definition stage

In the context of registration, this stage supplies security questions to the user and captures the answers provided by the user.

The stage validates any answers against the user object. If the requirement is not met (incorrect number of questions answered correctly), the stage throws a bad request exception and increments the failure count of the managed user. If the requirement is met (correct number of questions answered correctly), the process advances to the next stage.

This stage also disallows users from entering custom questions that duplicate any questions defined by the administrator, regardless of the locale. It does this comparison by removing any special characters and making a lowercase comparison. For example, What Is YoUr FaVorite COLOR???? would be evaluated as the same question as what is your favorite color?.

Example configuration
{
    "name" : "kbaSecurityAnswerDefinitionStage",
    "kbaConfig" : null
},
Dependencies

The stage depends on a previous stage to populate the user ID in state. It has no dependencies on following stages.

Required Parameters
  • kbaConfig - reads the KBA configuration from the corresponding selfservice.kba.json file.

Copyright © 2010-2023 ForgeRock, all rights reserved.