- Overview
- About User Self-Service
- Self-Registration
- Social Registration
- OpenID Connect Authorization Code Flow
- Many Social Identity Providers, One Schema
- Setting Up Google as a Social Identity Provider
- Setting Up LinkedIn as a Social Identity Provider
- Setting Up Facebook as a Social Identity Provider
- Setting Up Amazon as an IDM Social Identity Provider
- Setting Up Microsoft as an IDM Social Identity Provider
- Set Up Apple as an IDM Social Identity Provider
- Setting Up WordPress as an IDM Social Identity Provider
- Setting Up WeChat as an IDM Social Identity Provider
- Setting Up Instagram as an IDM Social Identity Provider
- Setting Up Vkontakte as an IDM Social Identity Provider
- Setting Up Salesforce as an IDM Social Identity Provider
- Setting Up Yahoo as an IDM Social Identity Provider
- Setting Up Twitter as an IDM Social Identity Provider
- Setting Up a Custom Social Identity Provider
- Configuring the Social Providers Authentication Module
- Account Claiming: Links Between Accounts and Social Identity Providers
- Managing Social Identity Providers Over REST
- Testing Social Identity Providers
- Scenarios When Registering With a Social ID
- Social Identity Widgets
- Progressive Profile
- Password Reset
- Username Retrieval
- Additional Configuration
- Configure Notification Emails
- Configure Privacy and Consent
- Configure UMA, Trusted Devices, and Privacy
- Terms & Conditions
- Tokens and User Self-Service
- End User UI Notifications
- Configure Google reCAPTCHA
- Configure Identity Fields
- Configure Security Questions
- Add Custom Policies for Self-Registration and Password Reset
- Self-Service End User UI
- Custom Self-Service Stages
- Self-Service Stage Reference
- All-In-One Registration
- OpenAM Auto-Login Stage
- Attribute Collection Stage
- Captcha Stage
- Conditional User Stage
- Consent Stage
- Email Validation Stage
- IDM User Details Stage
- KBA Security Answer Definition Stage
- KBA Security Answer Verification Stage
- KBA Update Stage
- Local Auto-Login Stage
- Parameters Stage
- Patch Object Stage
- Password Reset Stage
- Self-Registration Stage
- Social User Claim Stage
- Terms and Conditions Stage
- User Query Stage
- Social Identity Provider Reference
- Google Social Identity Provider Configuration Details
- LinkedIn Social Identity Provider Configuration Details
- Facebook Social Identity Provider Configuration Details
- Amazon Social Identity Provider Configuration Details
- Microsoft Social Identity Provider Configuration Details
- WordPress Social Identity Provider Configuration Details
- WeChat Social Identity Provider Configuration Details
- Instagram Social Identity Provider Configuration Details
- Vkontakte Social Identity Provider Configuration Details
- Salesforce Social Identity Provider Configuration Details
- Yahoo Social Identity Provider Configuration Details
- Twitter Social Identity Provider Configuration Details
- Custom Social Identity Provider Configuration Details
- Social Identity Provider Button and Badge Properties
- IDM Glossary
KBA Security Answer Verification Stage
This stage verifies security answers and validates user lockout. The stage requires a user ID in state.
The stage reads the user object and validates that the user has not already failed to answer the security questions. The stage then obtains the configured security questions, and returns the minimum number of randomly selected questions as a requirement.
The stage validates any answers against the user object. If the requirement is not met (incorrect number of questions answered correctly) the stage throws a bad request exception and increments the failure count of the managed user. If the requirement is met (correct number of questions answered correctly) the process advances to the next stage.
- Example configuration
{ "name" : "kbaSecurityAnswerDefinitionStage", "kbaConfig" : null },- Dependencies
The stage depends on a previous stage to populate the user ID in
state. It has no dependencies on following stages.- Required Parameters
kbaConfig- reads the KBA configuration from the correspondingselfservice.kba.jsonfile.