  1. OpenAM
  2. OPENAM-14353

Error Message not Displayed when Change Password does not Meet Password Policy

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 6.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, 6.0.0.4, 6.0.0.5, 6.5.0, 6.0.0.6, 6.5.0.1
    • Fix Version/s: 6.0.0.7, 6.5.0.2, 6.5.2, 6.0.1, 7.0.0
    • Component/s: idrepo
    • Sprint:
      AM Sustaining Sprint 60
    • Needs backport:
      No
    • Needs QA verification:
      No
    • Functional tests:
      No
    • Are the reproduction steps defined?:
      Yes and I used the same as in the description

      Description

      Bug description

      An error message is not displayed when a user tries to change their password to one that does not meet the password policy.

      How to reproduce the issue

      1. Install OOTB AM 6.0.0.4
      2. Disable Behera Support Enabled option ([Realm] > Data Stores > embedded > Server Settings)
      3. Configure the Length Based Password Validator and set the minimum password length to 10:
      $ cd /path/to/OpenAMConfig/opends/bin
      $ ./dsconfig set-password-validator-prop \
                --validator-name Length-Based\ Password\ Validator \
                --set min-password-length:10 \
                --hostname <hostname> \
                --port 4444 \
                --bindDn cn=Directory\ Manager \
                --bindPassword ****** \
                --trustAll \
                --no-prompt
      
      4. Add Length Based Password Validator to Default password policy:
      $ ./dsconfig set-password-policy-prop \
                --policy-name Default\ Password\ Policy \
                --set password-validator:Length-Based\ Password\ Validator \
                --hostname <hostname> \
                --port 4444 \
                --bindDn cn=Directory\ Manager \
                --bindPassword ****** \
                --trustAll \
                --no-prompt
      
      5. Authenticate demo user via console. Upon success, redirect to User Profile Page
      6. Change demo user password. In this case, use a password whose length is less than 10 (e.g. "changeit1")

      Expected behaviour

      Red Error pop up box with message of "The password policy configured for the user data store was not satisfied."

      Current behaviour

      Red Error pop up box with no text message displayed

       

      From IdRepo:

      amIdm:01/31/2019 04:18:35:003 PM SGT: Thread[http-nio-8080-exec-10,5,main]: TransactionId[550530e9-0b3d-4ea8-92e4-a94bd0c8de89-2959]
      IdServicesImpl.changePassword: Unable to change password in the following repository com.sun.identity.idm.plugins.internal.SpecialRepo :: Plug-in com.sun.identity.idm.plugins.internal.SpecialRepo: Changing user password not supported.
      DJLDAPv3Repo:01/31/2019 04:18:35:003 PM SGT: Thread[http-nio-8080-exec-10,5,main]: TransactionId[550530e9-0b3d-4ea8-92e4-a94bd0c8de89-2959]
      changePassword invoked
      DJLDAPv3Repo:01/31/2019 04:18:35:006 PM SGT: Thread[http-nio-8080-exec-10,5,main]: TransactionId[550530e9-0b3d-4ea8-92e4-a94bd0c8de89-2959]
      ERROR: An error occurred while trying to change password for identity: demo
      Constraint Violation: The provided password value was rejected by a password validator: The provided password is shorter than the minimum required length of 10 characters
      at org.forgerock.opendj.ldap.LdapException.newLdapException(LdapException.java:219)
      at org.forgerock.opendj.ldap.LdapClientImpl$Exchange.onNext(LdapClientImpl.java:668)
      at org.forgerock.opendj.ldap.LdapClientImpl$Exchange.onNext(LdapClientImpl.java:582)
      ..........
      at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:593)
      at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.run(AbstractThreadPool.java:573)
      at java.lang.Thread.run(Thread.java:748)
      amIdm:01/31/2019 04:18:35:007 PM SGT: Thread[http-nio-8080-exec-10,5,main]: TransactionId[550530e9-0b3d-4ea8-92e4-a94bd0c8de89-2959]
      WARNING: IdServicesImpl.changePassword: Unable to change password following repository org.forgerock.openam.idrepo.ldap.DJLDAPv3Repo :: Plug-in org.forgerock.openam.idrepo.ldap.DJLDAPv3Repo encountered an ldap exception 19: The provided password value was rejected by a password validator: The provided password is shorter than the minimum required length of 10 characters
      amIdm:01/31/2019 04:18:35:007 PM SGT: Thread[http-nio-8080-exec-10,5,main]: TransactionId[550530e9-0b3d-4ea8-92e4-a94bd0c8de89-2959]
      WARNING: IdServicesImpl.changePassword: Unable to change password for identity user::demo in any configured data store
      Message:Plug-in org.forgerock.openam.idrepo.ldap.DJLDAPv3Repo encountered an ldap exception 19: The provided password value was rejected by a password validator: The provided password is shorter than the minimum required length of 10 characters
      
      at org.forgerock.openam.idrepo.ldap.DJLDAPv3Repo.changePassword(DJLDAPv3Repo.java:460)
      at com.sun.identity.idm.server.IdServicesImpl.changePassword(IdServicesImpl.java:1711)
      at com.sun.identity.idm.AMIdentity.changePassword(AMIdentity.java:505)
      ..........
      at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
      at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
      at java.lang.Thread.run(Thread.java:748)

      From CoreSystem:

      frRest:01/31/2019 04:18:35:008 PM SGT: Thread[http-nio-8080-exec-10,5,main]: TransactionId[550530e9-0b3d-4ea8-92e4-a94bd0c8de89-2959]
      ERROR: A runtime exception occurred during the CREST request handling
      java.lang.ClassCastException: org.forgerock.i18n.LocalizableMessage cannot be cast to java.lang.String
      at com.sun.identity.idm.IdRepoException.getConstraintViolationDetails(IdRepoException.java:312)
      at org.forgerock.openam.errors.IdentityResourceExceptionMappingHandler.handleError(IdentityResourceExceptionMappingHandler.java:83)
      at org.forgerock.openam.core.rest.IdentityRestUtils.changePassword(IdentityRestUtils.java:87)
      .........
      at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
      at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
      at java.lang.Thread.run(Thread.java:748)
      

       

      Cause

      Changes to the DJ interface in DJ 6.5. See:

      https://backstage.forgerock.com/docs/ds/6.5/javadoc/org/forgerock/opendj/ldap/messages/Result.html#getDiagnosticMessage--

      https://backstage.forgerock.com/docs/ds/6/javadoc/org/forgerock/opendj/ldap/messages/Result.html#getDiagnosticMessage--

      compared to DJ 3.5 -> 5.5:

      https://backstage.forgerock.com/docs/ds/5.5/javadoc/org/forgerock/opendj/ldap/messages/Result.html#getDiagnosticMessage--

      Notice the type was (String)
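
To check whether a deployment is hitting this defect, the IdRepo and CoreSystem debug logs can be correlated on the TransactionId: a password-validator rejection followed by the `ClassCastException` in `frRest` means the user saw the empty error box. This is an added triage example, not ForgeRock code; the sample records are abridged from the excerpts above, and the transaction `constructed-tx-0001` is constructed.

```python
import re
from collections import defaultdict

# Record header: "<logger>:<timestamp>: Thread[...]: TransactionId[<id>]"
HEADER = re.compile(
    r"^(?P<logger>\w+):\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}:\d{3} [AP]M \w+: "
    r"Thread\[[^\]]*\]: TransactionId\[(?P<tx>[^\]]+)\]$")
POLICY_REJECT = "rejected by a password validator"
CAST_FAILURE = "org.forgerock.i18n.LocalizableMessage cannot be cast to java.lang.String"

def parse_records(text):
    """Yield (logger, transaction_id, body_lines) per header and its body."""
    current = None
    for line in map(str.strip, text.splitlines()):
        m = HEADER.match(line)
        if m:
            if current:
                yield current
            current = (m["logger"], m["tx"], [])
        elif current and line:
            current[2].append(line)
    if current:
        yield current

def classify(*log_texts):
    """Map transaction id -> 'blank-error' or 'rejected-only'."""
    seen = defaultdict(set)
    for text in log_texts:
        for logger, tx, body in parse_records(text):
            joined = "\n".join(body)
            if POLICY_REJECT in joined:
                seen[tx].add("reject")
            if logger == "frRest" and CAST_FAILURE in joined:
                seen[tx].add("cast")
    return {tx: "blank-error" if "cast" in flags else "rejected-only"
            for tx, flags in seen.items() if "reject" in flags}

# Sample input abridged from the report's log excerpts; constructed-tx-0001 is constructed.
TX = "550530e9-0b3d-4ea8-92e4-a94bd0c8de89-2959"
HDR = "01/31/2019 04:18:35:007 PM SGT: Thread[http-nio-8080-exec-10,5,main]: "
REJECT = ("WARNING: IdServicesImpl.changePassword: encountered an ldap exception 19: "
          "The provided password value was rejected by a password validator")
IDREPO = (f"amIdm:{HDR}TransactionId[{TX}]\n{REJECT}\n"
          f"amIdm:{HDR}TransactionId[constructed-tx-0001]\n{REJECT}\n")
CORESYSTEM = (f"frRest:{HDR}TransactionId[{TX}]\n"
              "ERROR: A runtime exception occurred during the CREST request handling\n"
              f"java.lang.ClassCastException: {CAST_FAILURE}\n")

print(classify(IDREPO, CORESYSTEM))
```

A `blank-error` verdict marks a password change that the directory rejected but whose reason never reached the user; `rejected-only` marks a rejection with no cast failure logged for that transaction.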

       

            People

            • Assignee:
              chee-weng.chea C-Weng C
              Reporter:
              wanning.tan WanNing Tan
            • Votes:
              2
              Watchers:
              5
