[midPoint] Example for Security Question Password Reset

Brad Firestone bhotrock at gmail.com
Fri Aug 3 01:07:52 CEST 2018


Hi All,

Thanks to all who contribute such helpful information on this list.  
I've tried to answer when I know something, but most people's questions 
are more advanced than I am.  :-)

Forgive me for repeating.  Peter asked a similar question in 2017 
with no answers:
http://lists.evolveum.com/pipermail/midpoint/2017-April/003624.html

And I asked this question a month or so ago when using 3.6.1 but didn't 
receive any answers.   I know this is a community resource and nothing 
is guaranteed, but I thought I'd ask again.  I've tried working through 
this again with version 3.7.2 and still can't figure out how to 
configure the system for Security Question password reset.  Reset via 
email is working fine but we plan to control our email accounts through 
midPoint, so really need Security Questions to work.

I've tried looking through all the Wiki articles and Sample files and 
haven't found a complete example that shows password reset via Security 
Questions that I can get to work.  It's possible I'm just missing it, 
but the more recent examples I've found which include information for 
Security Questions still show the credentialsReset method as 
passwordMailReset:

https://wiki.evolveum.com/display/midPoint/Reset+Password+Configuration
https://github.com/Evolveum/midpoint/blob/master/samples/evolveum/security-policy.xml
https://wiki.evolveum.com/display/midPoint/Security+Policy+Configuration

<credentialsReset>
    <mailReset>
        <name>passwordMailReset</name>
        <additionalAuthenticationName>confirmationLink</additionalAuthenticationName>
    </mailReset>
</credentialsReset>

I have the Security Questions defined, and my Users can enter answers to 
the questions.  But I can't find an example of how to activate password 
reset via the questions instead of email.

I also tried applying the Security Policy Sample that was bundled.  This 
policy only lists Security Questions and includes the following which 
seems to be a different syntax compared to above:

<resetMethod>
    <resetType>securityQuestions</resetType>
</resetMethod>

But when I activate this security policy and click on "Forgot Password" 
on the login screen, I get a blank space with a Back button and a Reset 
Password button.  Clicking on Reset Password gives an error of 
"Unsupported password reset type".

Can anybody share or point me to an example of how to set this up?  I 
know there are plans to rebuild the password reset system, but hopefully 
I can get this working for now.

Another related question:  Is it possible to have both email reset and 
security question reset active at the same time and allow users to 
select which method to use?

Thank you!
Brad




