- Type: Improvement
- Status: Resolved
- Priority: Major
- Resolution: Fixed
- Affects Version/s: 13.5.1, 5.5.1
- Component/s: authentication
- Sprint: AM Sustaining Sprint 46, AM Sustaining Sprint 47
- Story Points: 5
environment:
13.5.1
issue background:
In the previous version, for any violation of the password policy by the new password, the error message received was the same as the error message received from OpenDJ. But with the new OpenAM version, the error message seems to be getting modified, and the same message is returned by OpenAM for all violations.
E.g.: When the new password was only lower case, the error message received from the REST API was:
The provided password value was rejected by a password validator: The provided password did not contain enough characters from the character set 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'. The minimum number of characters from that set that must be present in user passwords is 1
Now, the error message we get after upgrading to 13.5.1 is: The password did not meet the password policy requirements
business impact: show clear errors to the user as to what the problem with the password is.
- is duplicated by: OPENAM-11415 LDAP Authentication module should return password policy error returned by the LDAP server (Closed)
- is related to: OPENAM-9009 When using REST endpoint "json/users/?_action=create" with password policy violation, AM returns HTTP 400 "bad request", reason "Bad Request", Message "Bad Request" rather than a more meaningful error message (Resolved)
- relates to: OPENAM-16402 The passwordpolicy.allowDiagnosticMessage should be applicable to admin and selfservice password change. (Closed)