Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-14353

Error Message not Displayed when Change Password does not Meet Password Policy

    XMLWordPrintable

    Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 6.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, 6.0.0.4, 6.0.0.5, 6.5.0, 6.0.0.6, 6.5.0.1
    • 6.0.0.7, 6.5.0.2, 6.5.2, 6.0.1, 7.0.0
    • idrepo
    • Rank:
      1|hzxj5r:
    • AM Sustaining Sprint 60
    • No
    • No
    • No
    • Yes and I used the same an in the description

      Description

      Bug description

      Error message does not displayed when user tried to change password does not meet password policy.

      How to reproduce the issue

      1. Install OOTB AM 6.0.0.4
      2. Disable Behera Support Enabled option ([Realm] > Data Stores > embedded > Server Settings)
      3. Configure the Length Based Password Validator and set the minimum password length to 10:
      $ cd /path/to/OpenAMConfig/opends/bin
$ ./dsconfig set-password-validator-prop \
          --validator-name Length-Based\ Password\ Validator \
          --set min-password-length:10 \
          --hostname <hostname> \
          --port 4444 \
          --bindDn cn=Directory\ Manager \
          --bindPassword ****** \
          --trustAll \
          --no-prompt
      1. Add Length Based Password Validator to Default password policy:
      $ ./dsconfig set-password-policy-prop \
          --policy-name Default\ Password\ Policy \
          --set password-validator:Length-Based\ Password\ Validator \
          --hostname <hostname> \
          --port 4444 \
          --bindDn cn=Directory\ Manager \
          --bindPassword ****** \
          --trustAll \
          --no-prompt
      1. Authenticate demo user via console. Upon success, redirect to User Profile Page
      2. Change demo user password. In this case, have a password that length less than 10 (e.g "changeit1")
      Expected behaviour
      Red Error pop up box with message of "The password policy configured for the user data store was not satisfied.
      Current behaviour
      Red Error pop up box with no text message displayed

       

      From IdRepo:

      amIdm:01/31/2019 04:18:35:003 PM SGT: Thread[http-nio-8080-exec-10,5,main]: TransactionId[550530e9-0b3d-4ea8-92e4-a94bd0c8de89-2959]
IdServicesImpl.changePassword: Unable to change password in the following repository com.sun.identity.idm.plugins.internal.SpecialRepo :: Plug-in com.sun.identity.idm.plugins.internal.SpecialRepo: Changing user password not supported.
DJLDAPv3Repo:01/31/2019 04:18:35:003 PM SGT: Thread[http-nio-8080-exec-10,5,main]: TransactionId[550530e9-0b3d-4ea8-92e4-a94bd0c8de89-2959]
changePassword invoked
DJLDAPv3Repo:01/31/2019 04:18:35:006 PM SGT: Thread[http-nio-8080-exec-10,5,main]: TransactionId[550530e9-0b3d-4ea8-92e4-a94bd0c8de89-2959]
ERROR: An error occurred while trying to change password for identity: demo
Constraint Violation: The provided password value was rejected by a password validator: The provided password is shorter than the minimum required length of 10 characters
at org.forgerock.opendj.ldap.LdapException.newLdapException(LdapException.java:219)
at org.forgerock.opendj.ldap.LdapClientImpl$Exchange.onNext(LdapClientImpl.java:668)
at org.forgerock.opendj.ldap.LdapClientImpl$Exchange.onNext(LdapClientImpl.java:582)
..........
at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:593)
at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.run(AbstractThreadPool.java:573)
at java.lang.Thread.run(Thread.java:748)
amIdm:01/31/2019 04:18:35:007 PM SGT: Thread[http-nio-8080-exec-10,5,main]: TransactionId[550530e9-0b3d-4ea8-92e4-a94bd0c8de89-2959]
WARNING: IdServicesImpl.changePassword: Unable to change password following repository org.forgerock.openam.idrepo.ldap.DJLDAPv3Repo :: Plug-in org.forgerock.openam.idrepo.ldap.DJLDAPv3Repo encountered an ldap exception 19: The provided password value was rejected by a password validator: The provided password is shorter than the minimum required length of 10 characters
amIdm:01/31/2019 04:18:35:007 PM SGT: Thread[http-nio-8080-exec-10,5,main]: TransactionId[550530e9-0b3d-4ea8-92e4-a94bd0c8de89-2959]
WARNING: IdServicesImpl.changePassword: Unable to change password for identity user::demo in any configured data store
Message:Plug-in org.forgerock.openam.idrepo.ldap.DJLDAPv3Repo encountered an ldap exception 19: The provided password value was rejected by a password validator: The provided password is shorter than the minimum required length of 10 characters

at org.forgerock.openam.idrepo.ldap.DJLDAPv3Repo.changePassword(DJLDAPv3Repo.java:460)
at com.sun.identity.idm.server.IdServicesImpl.changePassword(IdServicesImpl.java:1711)
at com.sun.identity.idm.AMIdentity.changePassword(AMIdentity.java:505)
..........
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:748)

      From CoreSystem:

      frRest:01/31/2019 04:18:35:008 PM SGT: Thread[http-nio-8080-exec-10,5,main]: TransactionId[550530e9-0b3d-4ea8-92e4-a94bd0c8de89-2959]
ERROR: A runtime exception occurred during the CREST request handling
java.lang.ClassCastException: org.forgerock.i18n.LocalizableMessage cannot be cast to java.lang.String
at com.sun.identity.idm.IdRepoException.getConstraintViolationDetails(IdRepoException.java:312)
at org.forgerock.openam.errors.IdentityResourceExceptionMappingHandler.handleError(IdentityResourceExceptionMappingHandler.java:83)
at org.forgerock.openam.core.rest.IdentityRestUtils.changePassword(IdentityRestUtils.java:87)
.........
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:748)

       

      Cause

      Changes of DJ interface on DJ 6.5 See

      https://backstage.forgerock.com/docs/ds/6.5/javadoc/org/forgerock/opendj/ldap/messages/Result.html#getDiagnosticMessage--

      https://backstage.forgerock.com/docs/ds/6/javadoc/org/forgerock/opendj/ldap/messages/Result.html#getDiagnosticMessage--

      compared to DJ3.5 -> 5.5

      https://backstage.forgerock.com/docs/ds/5.5/javadoc/org/forgerock/opendj/ldap/messages/Result.html#getDiagnosticMessage--

      Notice the type was (String)

       

        Attachments

          Activity

            People

            chee-weng.chea C-Weng C
            wanning.tan WanNing Tan
            Votes:
            2 Vote for this issue
            Watchers:
            5 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: