15.4 Troubleshooting the Challenge Set Policy

There was a change made to the challenge set policy options when Self Service Password Reset 3.3 was released. The changes impact how you manage the challenge set policy options. The changes are to the following options:

  • Word List (dictionary) checks answers

  • eDirectory Challenge Set Minimum Randoms During Setup

  • eDirectory Challenge Set Maximum Question Characters in Answer

With the Self Service Password Reset-defined challenge sets, these policy options have been changed from per-policy settings to per-challenge policies. If these policy settings were previously modified from their defaults, administrators must reapply the appropriate settings to the each challenge question in the Configuration Editor of Self Service Password Reset 3.3 or above. The upgrade process does not migrate the old settings.

In the case of the eDirectory and NMAS defined challenge sets (Challenge Sets defined and managed using iManager), Self Service Password Reset 3.2 applied these policy settings based on their values in the Self Service Password Reset defined challenge set policies, often resulting in confusing policy assignments for users. As of Self Service Password Reset 3.3, this process has been changed to use eDirectory specific policy settings. The new settings at LDAP > LDAP Settings > NetIQ eDirectory > eDirectory Challenge Sets are applied to all challenge set policies read from eDirectory. Administrators should review these settings to ensure they are appropriate for their environment.