search

fbordina / pwm

Automatically exported from code.google.com/p/pwm
0 stars 0 forks source link

"Minimum random challenges required during setup" parameter not working if user-supplied question allowed #502

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
What steps will reproduce the problem?
1. Installed PWM Release v1.7.0
2. Configured "Settings -> Challenge Policy" with:
- Enable Setup Responses: True
- Force Response Setup: True
- Random Questions configured: 8 (7 pre-defined, 1 user-supplied question)
- Minimum Random Required: 1
- Minimum Random Challenges Required During Setup: 1
3. Login as standard user and go to "Setup Password Responses"

What is the expected output? What do you see instead?
Expected output: just one question needed on setup to allow saving of challenges
What do I see: browser asking to fill all fields (responses) to allow saving of 
challenges

What version of PWM are you using?
Pwm Release 1.7.0

What ldap directory and version are you using?
Active Directory Win2008R2

Please paste any error log messages below:
I've noticed that if I don't allow in config any user-supplied question, then 
browser will show me a drop-down menu with all pre-defined questions, I can 
choose one, input answer and save.
If I allow one user-supplied question, browser will list me all pre-defined 
questions plus the field to fill a customized one, but I need to fill all 
answers fields to be allowed to save.

Original issue reported on code.google.com by nicola.b...@gmail.com on 15 Oct 2013 at 9:28

GoogleCodeExporter commented 9 years ago 
Working as designed.

Original comment by jrivard on 15 Oct 2013 at 1:32

GoogleCodeExporter commented 9 years ago 
sorry, can you just explain a little further?
when setting up random questions I read in help:

"[...] The user may be required to supply answers to all or some of these 
questions when setting up their responses, this is controlled by the "Minimum 
Random Challenges Required During Setup" setting [...]"

I've set the "Minimum Random Challenges Required During Setup" setting to 1 and 
it doesn't seem to me that it is working as designed if it force me to fill 
answer to 8 questions.

Original comment by nicola.b...@gmail.com on 15 Oct 2013 at 1:35

GoogleCodeExporter commented 9 years ago 
"selectable" and "user-defined" questions are mutually incompatible.

Original comment by jrivard on 15 Oct 2013 at 1:37

GoogleCodeExporter commented 9 years ago 
So if I give the end-user the possibility to customize a user-defined question, 
I'm actually forcing it to answer to all setup questions during setup and 
parameter "Minimum Random Challenges Required During Setup" is then ignored?
Is that right?
Thanks.

Original comment by nicola.b...@gmail.com on 15 Oct 2013 at 1:39

GoogleCodeExporter commented 9 years ago 
Sorry but that kind of configuration ("user-defined" + only 1 needed to answer) 
is correctly working on 1.6.0 build. So I think this is not working as designed.

Original comment by nicola.b...@gmail.com on 21 Oct 2013 at 9:08