Consumer Tier
Setting Forgotten Password Data
The OpenPTK Framework and UserManagementLite sample application have been enhanced to support the setting of the "forgotten password" questions. This new feature leverages the existing Forgotten Password process where users answer their questions as a means of authentication. Prior to this release, the setting of the Questions/Answers had to be done within the End-User Service/Repository.
With this release, the following capabilities are available:
- Users can initially set their answers for their questions.
- Users can review and change existing answers to questions.
- If the End-User Service/Repository does not have questions, default ones are provided.
- The default questions are set in the openptk.xml file.
Java API Sample
A new test program apiSetForgot.java was created to test the setting of the questions.
User Management Lite (UML)
The UML sample application has been updated to support the setting of a user's forgotten password questions. A new menu item called "Questions" will display a screen with the default or existing questions / answers.
Framework Tier
Missing Attributes
The OpenPTK Framework has been enhanced, specifically the Context class, to address an issue of requested attributes not being returned.
Issue
When a READ or SEARCH is made, the Input contains a collection of Attributes that the Application wants returned in the Output. The collection of Attributes is passed to the Service, through the Framework, where it is processed. The Service sends back the results to the Framework. End-User Repositories handle the absence of Attributes differently. Some will return an Attribute that has no value, while others will not include the Attribute in the results. This is not consistent and needs to function the same way for all Services ... The Framework and/or Application (Consumer Tier) may be expecting that Attribute to be returned even if it has no value.
Solution
The Subject was enhanced to support post-processing of the Response. When the operation is READ or SEARCH, the post-processing looks at the original Input and gets the list of Attributes. It then goes through each Result in the Response and looks for all of the Attributes in the list. If an Attribute is missing, a new Attribute is created with only a name; it does not contain a value. This Attribute is then added to the Result. The Application will now get back every Attribute it asked for, even if the operation (READ and SEARCH) did not return it.
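The post-processing step described above, sketched as an added example that is not OpenPTK source code. The Attr class, the fillMissing method and the sample attribute names are hypothetical stand-ins for the Framework's own Input, Result and Attribute types.

```java
import java.util.*;

// Added illustration; Attr and the method names are hypothetical, not OpenPTK classes.
public class MissingAttributeFill {

    /** Minimal attribute: a name with an optional value (null means "no value"). */
    static final class Attr {
        final String name;
        final Object value;
        Attr(String name, Object value) { this.name = name; this.value = value; }
        @Override public String toString() { return name + "=" + value; }
    }

    /**
     * For each result, add a name-only attribute for every requested name
     * the service left out. Attributes already present are not touched.
     * Returns how many placeholders were added.
     */
    static int fillMissing(List<String> requested, List<Map<String, Attr>> results) {
        int added = 0;
        for (Map<String, Attr> result : results) {
            for (String name : requested) {
                if (!result.containsKey(name)) {
                    result.put(name, new Attr(name, null));
                    added++;
                }
            }
        }
        return added;
    }

    public static void main(String[] args) {
        // Constructed sample: attributes the application asked for on a SEARCH.
        List<String> requested = Arrays.asList("uniqueid", "lastname", "email");

        // Repository A returns an empty-valued attribute; repository B omits it.
        Map<String, Attr> a = new LinkedHashMap<>();
        a.put("uniqueid", new Attr("uniqueid", "jdoe"));
        a.put("lastname", new Attr("lastname", "Doe"));
        a.put("email", new Attr("email", null));
        Map<String, Attr> b = new LinkedHashMap<>();
        b.put("uniqueid", new Attr("uniqueid", "asmith"));
        b.put("lastname", new Attr("lastname", "Smith"));

        List<Map<String, Attr>> results = Arrays.asList(a, b);
        int added = fillMissing(requested, results);

        System.out.println("placeholders added: " + added);
        for (Map<String, Attr> r : results) System.out.println(r.values());
    }
}
```

After the call both results carry the same three attribute names, so consumer code can look up any requested attribute without a separate "was it returned" branch per repository type.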
Service Tier
SPML Service Enhancement
The SpmlService base-class has been updated to capture more debug data when an exception is caught.
Issue
When an exception is caught from within any of the Service's Operations, the information returned in the exception does not contain the request / response data. Having this data would help debug configuration problems.
Solution
The SpmlService class has been updated to include the SpmlRequest and SpmlResponse XML data in the exception that is thrown. The XML data will only be included when the debug level is set to "4".
Implement Password Change / Reset for Services
Issue
A number of the provided Services did not implement the Password Change and/or Password Reset operations. Members of the community have asked for these operations.
Solution
The following Services have been enhanced to support the Password Change and Password Reset operations.
- Sun Identity Manager Service Provider Edition (SPE)
- JNDI
- JDBC