-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



On 06/04/2012 08:36 PM, mmiltenberger wrote:
>
> Is it possible to synchronize an individuals's password challenge
> question responses (sASLoginSecretKey) between trees and expect them
> to function properly?


No

> or will it fail because of sASLoginSecretKey being encrypted with a
> Tree key in the Tree that the responses are set in ??


Exactly.

> Is there ANY option / approach to synching password challenge
> responses to multiple trees?


If you describe your business case a little more there are options that
work for others which may also work for you. For example, using
Self-Service Password Reset (SSPR) which comes with IDM I believe. You
can point it to any old tree, or you can have it store the challenges
and responses in its own internal database. Once a user verifies
themselves, reset the password wherever it is configured to do so. "But
the user's workstation is in a different environment!" you say? Well
that's okay too... use the Client Login Extension (CLE) on windows
machines and you can have your 'Forgotten Password' link point to any
old web application (UserApp, PWM, SSPR, etc.) that is available via TCP.

Good luck.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.18 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJPzXRKAAoJEF+XTK08PnB5CcIQAJbsHvQK5h 0VMtF3mJ98agCc
RXYYRLeaevoUEuJUegIW0t17n2Dy2zGK4g1vYcW9pyJTrqjbdA p7Rgi1qqLw6NTp
45NVHSRBEBcpdeBlMZ3QwVh8NH92NAmQlOtX+ahg8KJuDxopxx w5oysAalEqC7+K
/8Kq0ubhrnvWMQFBCTAiNjXjH8bRoqfboOlVUou93ceB3ofrmlz sKwMo+P/asjJo
jkDi1BYvh4vhXKktwe6q7w2E0MFksWr2hCCwCPkItwJzwZqHD8 DOp6brO6WjJdCD
bv9moU5gwRnxJrQRAGe73MDr+QN8r2GpmfA4t4UVeO/Z0v9K++q+s7w8vwd3KGEm
6prmzVe06GOvMTvVskUjGj5HzBidwx62PKX4O0/5N6FnUJl/biY1ob1Pt4lrSBxA
Sgp/GUfGl6LHDyd+sX/c7x6d/K+qpUnlYxh7REz9RoWlrnMuu/mHCqg8J/Xwskwl
8wnUYjXcJEevyLDPqxxtZMtnExVtrr1sv9t4h6ExsBc/HTim7y3jtFa1JVjmA9r0
qM8JS98/MSmz5BhT1NVyg/iQXQBtBKbOex/4VqiBgNUgPSV7O7FOp6nzWdyTmqYQ
Y+2pw0oa6/eec7ksP5W73pRdACAJNXVSxZQ4Bgptml9iT6gyZEN1yzJCcm7Z SRFJ
/dmG9GI5lnHR15YKXTsV
=uISa
-----END PGP SIGNATURE-----