Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-8999

Incorrect messages are displayed when a user tries to change their password and it does not meet the minimum length

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Not a defect
    • Affects Version/s: 13.0.0
    • Fix Version/s: None
    • Component/s: rest, self-service
    • Labels:
      None
    • Support Ticket IDs:

      Description

      When a Password Policy has been established in OpenDJ with a Password Validator for Password Length, the user can receive an incorrect error message if the min-password-length is greater than 8. If a user creates a password less than 8 characters, but the password validator has a min-password-length of 12, they will see the following scenario:

      curl --request POST --headSfczdN9k61eKeufCEqfQo9f-x5zVzYWHL0mc.AAJTSQACMDEAAlNLABMzODk1MTI3MjM3NTE0MjIzMjUyAAJTMQAA" --header "Content-Type: application/json" --data '

      { "currentpassword": "changeit", "userpassword": "oops" }

      ' http://host2.example.com:8080/openam/json/users/user.2?_action=changePassword

      {"code":400,"reason":"Bad Request","message":"Minimum password length is 8."}

      If the user tries to change their password to a value greater than 8 but less than 12 they will see the following scenario:

      curl --request POST --header "iPlanetDirectoryPro: AQIC5wM2LY4SfczdN9k61eKeufCEqfQo9f-x5zVzYWHL0mc.AAJTSQACMDEAAlNLABMzODk1MTI3MjM3NTE0MjIzMjUyAAJTMQAA" --header "Content-Type: application/json" --data '

      { "currentpassword": "changeit", "userpassword": "changeit1" }

      ' http://host2.example.com:8080/openam/json/users/user.2?_action=changePassword

      {"code":400,"reason":"Bad Request","message":"The provided password value was rejected by a password validator: The provided password is shorter than the minimum required length of 12 characters"}

      The user should receive only one error for whatever the established minimum password length is in the Password Policy

        Attachments

          Activity

            People

            • Assignee:
              peter.major Peter Major
              Reporter:
              abel.hoxeng Abel Hoxeng
            • Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: