Enabling detailed errors with IdentityIQ forgot password self-service password reset
When enabled, IdentityIQ lets you reset a forgotten password via a link on the OOTB login page. Under the hood, IdentityIQ performs several checks, including that the identity exists, security questions, etc.
For security reasons, IdentityIQ always returns the same generic message, typically "An error has occurred, Try again or contact System Administrator", when the request cannot be performed, no matter what the cause of the error is.
In some situations, it might be useful to get a detailed message to identify the root cause. To enable detailed errors:
- Update the SystemConfiguration object and replace the line
<entry key="loginErrorStyle" value="simple"/>
with
<entry key="loginErrorStyle" value="detailed"/>
Specific error messages, with their corresponding keys in the message catalog, include:
- reset_err_user_not_found: Message displayed when the user is not found
- reset_err_no_sms_phone: Message displayed when the SMS phone number is not set for the user or is in a bad format
- auth_answers_not_configured: Message displayed when authentication questions are not configured
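Detailed login error messages tell the requester why a reset failed (for example, reset_err_user_not_found confirms that no such user exists), so their use must be weighed against internal security policies.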
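To check which style an environment is using, for instance after a troubleshooting session, an exported SystemConfiguration object can be audited for the loginErrorStyle entry. The following is an added example, not code from SailPoint or from the original page; the sample XML is constructed, and the wrapper elements around the entry, the nested-value form and examplePlaceholderKey are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample export; wrapper elements and examplePlaceholderKey are assumptions.
SAMPLE_EXPORT = """<Configuration name="SystemConfiguration">
  <Attributes>
    <Map>
      <entry key="examplePlaceholderKey" value="true"/>
      <entry key="loginErrorStyle" value="detailed"/>
    </Map>
  </Attributes>
</Configuration>"""

KEY = "loginErrorStyle"


def login_error_styles(xml_text):
    """Return every loginErrorStyle value found in an exported object."""
    values = []
    for entry in ET.fromstring(xml_text).iter("entry"):
        if entry.get("key") != KEY:
            continue
        value = entry.get("value")
        if value is None:
            # Assumed alternate form: the value carried as nested element text.
            value = "".join(entry.itertext())
        values.append(value.strip())
    return values


def audit(xml_text):
    """Return (status, reason); status is 'ok', 'finding' or 'review'."""
    values = login_error_styles(xml_text)
    if not values:
        return "review", f"{KEY} is absent; confirm the effective setting"
    if len(set(values)) > 1:
        return "review", f"conflicting {KEY} entries: {sorted(set(values))}"
    if values[0] == "simple":
        return "ok", "generic reset/login error message is in use"
    if values[0] == "detailed":
        return "finding", "detailed errors enabled; reset failures reveal their cause"
    return "review", f"unexpected {KEY} value: {values[0]!r}"


if __name__ == "__main__":
    print(audit(SAMPLE_EXPORT))
```
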