A side effect of the recent removal of production mode in favor of a more secure OOTB configuration for all profiles was that the default password policy validation rules became more strict. In particular, they now check new passwords against a dictionary of known common passwords.
This change in behavior has exposed integration limitations in our downstream platform cloud services. At the moment the platform UI and IDM are responsible for validating new passwords before handing them off to DS. DS may reject the password, notably common passwords that are used during demos, and return a constraint violation error. Unfortunately, IDM and the platform UI do not handle these errors very gracefully, which results in an unpleasant user experience and a failed product demo.
Revert the password validation changes in the ds-empty Docker image used by our cloud services. This image already contains a couple of patches to revert the changes introduced in
Long term fix:
Password validation will become the responsibility of DS. The platform UI and IDM will use the recently added PasswordQualityAdviceRequestControl in order to consume validation results and render them in a user-friendly manner. See IAM-223.