In Forefront Identity Manager (FIM) 2010 it is possible for a user to provide the same answer for every question when registering for SSPR. There is also no control over the minimum length of an answer, whether it must contain a number, and so on.
FIM 2010 R2 (release candidate) supports QA gate complexity constraints via regular expressions. The QA gate activity settings still let you define the total number of questions, the number of questions displayed and required during registration, and the number displayed and required during reset (plus the new security context option that defines whether the gate applies to the extranet only or to all), and they now add the following settings:
- Allow duplicate answers. A Boolean value, implemented as a checkbox that, as the name implies, permits the same answer when checked. For most of us this will remain unchecked.
- Answer constraint. A regular expression that defines the permissible structure and complexity of answers, i.e. you can define the minimum and maximum length, allowed characters, etc. The answer constraint is a global setting; there is not one constraint per question.
- Message to user that describes uniqueness and answer text constraints. As the label implies this is the string that defines (displays) the constraints on the registration page.
- Terse inline error message to user for answers that violate uniqueness or text constraints. Again, as the label nicely describes, this is the error string presented per answer input if the answer does not match the regex defined as the answer constraint (or duplicates another answer when duplicates are not allowed).
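To make the interaction between these settings concrete, here is an added example (not FIM's own code) that models how a QA gate would evaluate a set of registration answers: one global regex applied to every answer, a duplicate-answer switch, and the terse error reported per answer. The regex, the sample answers and the case-insensitive comparison used for duplicate detection are all constructed assumptions for illustration; FIM itself evaluates .NET regular expressions, so check your real constraint there.

```python
from __future__ import annotations
import re
from dataclasses import dataclass


@dataclass
class QaGateSettings:
    """Constructed stand-in for the R2 QA gate settings described above."""
    answer_constraint: str                 # one global regex for every answer
    allow_duplicate_answers: bool = False  # the "Allow duplicate answers" checkbox
    terse_error: str = "Answer does not meet the constraints."


def _dup_key(answer: str) -> str:
    # Assumption: duplicates are detected ignoring case and surrounding whitespace.
    return answer.strip().casefold()


def validate_answers(settings: QaGateSettings, answers: list[str]) -> dict[int, str]:
    """Return {answer_index: terse_error} for every answer that violates the
    regex constraint or repeats an earlier answer. An empty dict means the
    registration would be accepted."""
    pattern = re.compile(settings.answer_constraint)
    errors: dict[int, str] = {}
    seen: set[str] = set()
    for i, answer in enumerate(answers):
        # fullmatch: the global constraint must describe the whole answer
        if pattern.fullmatch(answer) is None:
            errors[i] = settings.terse_error
        key = _dup_key(answer)
        if not settings.allow_duplicate_answers and key in seen:
            errors[i] = settings.terse_error
        seen.add(key)
    return errors


# Constructed example constraint: 8-64 letters, digits or spaces, at least one digit.
SETTINGS = QaGateSettings(
    answer_constraint=r"(?=.*\d)[A-Za-z0-9 ]{8,64}",
    allow_duplicate_answers=False,
    terse_error="Answer must be 8-64 letters/digits, contain a digit, and not repeat another answer.",
)

if __name__ == "__main__":
    sample = ["Fluffy 2004", "fluffy 2004", "Boston", "Route 66 Diner"]
    # index 1 is a duplicate of index 0; index 2 is too short and has no digit
    print(validate_answers(SETTINGS, sample))
```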
This is a long-awaited and great improvement to the core functionality of SSPR. To close this post and summarise the above, here's a screenshot.