Former Member

/idm/pwdreset unique id validation

Hi,

Is there a way we can validate the user ID (unique ID) in the password reset guided procedure against the IDM database?

Right now, even if I enter "a" in the unique ID field, the guided procedure takes it and shows some random questions. We want IDM to validate whether the entered unique ID is correct and, if possible, to allow only those IDs which have a profile set.

Please let me know how this can be achieved.

Thanks


1 Answer

  • Former Member
    Oct 03, 2011 at 09:49 AM

    Hi,

    Although there is a verification that the user exists, this information is not revealed to the end user for security reasons.

    If a nonexistent ID is entered, random questions are given.

    If the password reset would inform whether a user exists or not, you would be more vulnerable to attacks, as the attacker would actually know whether the given ID is legal.

    Best regards

    John Erik Setsaas

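The behaviour described in the answer above, sketched as an added example that is not part of the original thread and is not SAP IDM code: unknown IDs, and IDs without a profile, receive decoy questions in the same shape as real ones. It goes one step beyond the thread by deriving the decoys from an HMAC of the ID, so repeated requests for the same unknown ID return the same questions; the question pool, key, profile store and function names are all assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed sample data; none of these names or values come from SAP IDM.
QUESTION_POOL = [
    "What was the name of your first school?",
    "What is your mother's maiden name?",
    "What was your first pet's name?",
    "In which city were you born?",
    "What was the model of your first car?",
    "What is your favourite book?",
]
# Placeholder secret: in a real deployment this is loaded from a secret store.
DECOY_KEY = b"constructed-demo-key"
# unique id -> indexes of the questions that user enrolled (kept sorted).
PROFILES = {"jdoe": [1, 3, 4], "noprofile": []}
NUM_QUESTIONS = 3


def _decoy_indexes(unique_id: str) -> list[int]:
    """Pick a stable pseudo-random question set from the ID and a server secret.

    Fresh randomness per request would let a caller tell real IDs from fake
    ones by asking twice; an HMAC keeps the decoy set fixed for a given ID.
    """
    remaining = list(range(len(QUESTION_POOL)))
    picked = []
    for counter in range(NUM_QUESTIONS):
        msg = f"{unique_id.lower()}|{counter}".encode()
        digest = hmac.new(DECOY_KEY, msg, hashlib.sha256).digest()
        choice = int.from_bytes(digest[:8], "big") % len(remaining)
        picked.append(remaining.pop(choice))
    # Sorted, like real profiles, so ordering does not reveal which path ran.
    return sorted(picked)


def questions_for(unique_id: str) -> list[str]:
    """Return challenge questions; the response shape is the same for any ID."""
    # A missing ID and an existing ID with no profile both fall through to decoys.
    indexes = PROFILES.get(unique_id.lower()) or _decoy_indexes(unique_id)
    return [QUESTION_POOL[i] for i in indexes]


if __name__ == "__main__":
    for uid in ("jdoe", "a", "a", "noprofile"):
        print(uid, questions_for(uid))
```

The validation the question asks for still happens on the server, where a failed lookup can be logged and rate-limited without changing what the end user sees.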