How to encrypt Self Authentication "Questions and Answers" so they do not appear in clear text in CA Directory

Document ID : KB000026640
Last Modified Date : 14/02/2018
Show Technical Document Details


Self authentication Questions and Answers are being stored as clear text in CA Directory.
This document explains how to encrypt self authentication 'questions and answers' so they do not appear in clear text.


  1. Log in to the IDM web interface as an Admin User - on the left menu select "System"and then - "Logical Attributes" and then - "Modify Logical Attribute Handler":


  2. Check "Forgotten Password Handler" and click "Select".

  3. On the settings section - populate the Encryption Key - with a value (the value will be used as an encryption parameter).


  4. Verify that the "Logical Attribute" listed in the same screen are the ones associated with the password reset task and save the changes made.


  5. Modify your test user; assign fresh sets of questions and answers:


  6. The verification Questions and Answers are now encrypted in the directory:



Please note the following: Any user with an old challenge question/answer will not be able to view their profile as they will get a decrypt error when trying to display their current challenge question and answers.