
Oracle Identity Manager(11gR2) : Customization of Challenge Questions

  • Ram Somavarapu
  • Feb 14, 2015
  • 2 min read

Customization of Challenge Questions and Answers in OIM

When a user initially logs on to OIM, or to an application protected by OAM (in an OAM-OIM integrated environment), the user is redirected to a page where they can enter answers to previously registered questions. The user is also redirected to the same page when using the reset password functionality of OIM. By default, the number of challenge questions is 3. OIM administrators can customize the number as well as the content of the questions.

A) Change the Number of Questions

1. Open the OIM System Administrator console, go to System Management --> System Configuration, and search for "Number of Questions" in the text field.
2. Open the "Number of Questions" system property by clicking the link associated with this property.
3. Change the "Value" field (which is editable) to the desired number. The default is 3.

B) Adding New Questions

OIM manages this through the Lookups and Administration pane of the System Administration Console (this can also be done through the Design Console).

1. Open the OIM System Administration console and go to Lookups and Configuration. Search for "Lookup.WebClient.Questions" in the code field. Click the Edit Lookup type icon.
2. In the Meaning and Code fields, enter the challenge question that you want to add and save it. (Meaning field: the challenge question that appears to the user. Code: how it is stored in the database.)

C) Deleting a Challenge Question

Deleting a challenge question is not a good idea, as users might have already started using it. Currently the system administrator console doesn't allow you to delete a user. But if you want to delete a question, you can do it from the Design Console.

Tips for customizing questions and answers

Once the user picks a challenge question and the corresponding answer, OIM stores this data in the PCQ table of the OIM schema under the following two columns:

  • PCQ_QUESTION - VARCHAR2(100 CHAR)
  • PCQ_ANSWER - VARCHAR2(256 CHAR)

These two fields are stored encrypted in the PCQ table. So, even though the schema definition says they hold up to 100/256 characters, that is not the real case: that value is the length of the encrypted data. Also, the data (both question and answer, along with the user key) is stored in this table only when a user selects a specific question and enters the corresponding answer.

We have seen recently that for questions longer than 64 characters and for answers longer than 150 characters, end users were getting SQL errors when they picked a question. This is not documented well, so this limitation needs to be considered while designing questions and selecting appropriate answers.

Important for 11gR2 PS3 users: From 11gR2 PS3 onward, the way challenge questions are stored has changed. To begin with, the default challenge questions are now stored with the Password Policy in PWR.PWR_CHA_DEFAULT_QUESTIONS. The column is defined as varchar2(4000) and the questions are stored as unencoded or unencrypted sentences separated by a colon (:). During the upgrade to 11.1.2.3, the questions are migrated from Lookup.WebClient.Questions to PWR. Additionally, users can now set up their own questions or elect to use the default ones. Whether a user keeps the default questions for the applicable password rule or creates their own, the questions and answers are stored (encrypted/encoded) for each user in PCQ.PCQ_QUESTION and PCQ.PCQ_ANSWER.
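A pre-flight check for a candidate question set, covering the length limits from the tips above and the colon-separated PS3 storage. This is an added example, not part of the original post or of OIM; the function names and the treatment of a colon inside a question as a problem are assumptions, and the 64/150 limits are the ones observed on this page.

```python
# Added example: validate challenge questions before loading them into OIM.
# Limits are the ones reported on this page (observed, not Oracle-documented).
MAX_QUESTION_CHARS = 64   # longer questions produced SQL errors for end users
MAX_ANSWER_CHARS = 150    # longer answers produced SQL errors for end users
PWR_COLUMN_SIZE = 4000    # PWR.PWR_CHA_DEFAULT_QUESTIONS is varchar2(4000)
SEPARATOR = ":"           # PS3 stores the default questions colon-separated


def check_question(question):
    """Return a list of problems found in one candidate question."""
    text = question.strip()
    problems = []
    if not text:
        problems.append("empty question")
    if len(text) > MAX_QUESTION_CHARS:
        problems.append(f"{len(text)} chars exceeds {MAX_QUESTION_CHARS}")
    if SEPARATOR in text:
        # Assumption: a colon inside a question becomes ambiguous once the
        # questions are joined with ':' in PWR_CHA_DEFAULT_QUESTIONS.
        problems.append("contains ':' (PS3 separator)")
    return problems


def check_question_set(questions):
    """Return {question: [problems]}; set-level problems are keyed by None."""
    report, seen = {}, set()
    for q in questions:
        problems = check_question(q)
        key = q.strip().casefold()
        if key in seen:
            problems.append("duplicate")
        seen.add(key)
        if problems:
            report[q] = problems
    joined = SEPARATOR.join(q.strip() for q in questions)
    # Conservative assumption: size the column in UTF-8 bytes, not characters.
    size = len(joined.encode("utf-8"))
    if size > PWR_COLUMN_SIZE:
        report[None] = [f"joined size {size} exceeds {PWR_COLUMN_SIZE}"]
    return report


def check_answer(answer):
    """True if the answer stays within the observed 150-character limit."""
    return len(answer) <= MAX_ANSWER_CHARS


if __name__ == "__main__":
    # Constructed sample questions, not taken from any OIM installation.
    sample = ["What is the name of your first pet?", "Preferred ratio: 16 to 9?"]
    print(check_question_set(sample))
```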

 
 
 
