Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-11521

OpenAM should not generate a password when using auto federation and dynamic profile creation


    • Type: Improvement
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 14.0.0
    • Fix Version/s: None
    • Component/s: None
    • Labels:
    • Support Ticket IDs:


      When OpenAM is the service provider and auto federation and dynamic user profile creation is configured, SAML federation fails.  The generated passwords given to users upon creation are failing the more complicated password policies in OpenDJ.

      How to replicate:

      Step 1.  Default install of OpenAM with an OpenDJ user store (I used an external OpenDJ)

      Step 2.  Configure auto federation

      Step 3.  Configure OpenAM to create a user profile if non exist.

      Step 4.  Create a password validator on an OpenDJ Password Policy.  I used the Default Password Policy and I configure the Character Set for a validator.

      Federation will fail with the following:

      Constraint Violation: The password value for attribute userPassword was found to be unacceptable: The provided password did not contain enough characters from the character set 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'. The minimum number of characters from that set that must be present in user passwords is 1 

      Since this user will only utilize federation, they do not need a password which would prevent federation from failing when there are complex password validators configured.


          Issue Links



              • Assignee:
                tina.roper Tina Roper
              • Votes:
                1 Vote for this issue
                10 Start watching this issue


                • Created: