How to ignore the password policy in a custom workflow for 'Administrator Change Password' functionality?
We have a custom workflow which is called via SPML to provide 'Administrator Change Password' functionality in a portal.
Our password policy sets the String Quality rules and Number of Previous Passwords that Cannot be Reused. But we would like to bypass the password policy for the password administrators (who have an admin role with a capability - 'Change Password Administrator'). At least, the restriction 'Number of Previous Passwords that Cannot be Reused' needs to be ignored (but the password needs to be added to the history... we cannot disable adding passwords to history).
Please advise me how it could be achieved.
The workflow steps:
1. Checkout 'ChangeUserPassword' view for the user as an administrator
2. Set the new password in the view, set true to view.savePasswordHistory
3. Set password on the resources
4. Checkin the view
Thanks, Siva
Posted by Aditya M on Jul 12, 12:08 AM
Hmm.. we had faced a similar problem, and I believe the answer to this is: you can achieve this only if you are ready to compromise the security of the system.
Here's how you could do it, though it is not recommended:
The 'Password Policy' can be configured in the 'Default Lighthouse Account Policy' (or 'Default Identity Manager Account Policy' in recent versions of IDM). The code could be written such that the Password Policy being referred to is set to a more "lenient" password policy when an admin changes the user's password. Once the provisioning is complete, the Lighthouse Policy is re-configured back to the "stricter" policy.
Does this help?
Posted by Siva on Jul 14, 07:05 PM
Thanks Aditya.
We tried it the way you suggested, but our requirement is about 'ignoring password history check' when an admin changes the password.
1. Created a special password policy which does not require password history, in addition to our regular one.
2. Attached the special policy to the user before changing the password and then, after the password change, reattached the regular policy to the user.
The problem is, when we add the special policy, it wipes out all the password history in the user object as this policy does not enforce password history check. We do not want this to happen.
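The requirement discussed in this thread (waive only the reuse check for holders of the 'Change Password Administrator' capability, while still recording the new password in the history) modelled as an added Python example. It is not part of the thread and is not Sun Identity Manager code. The function names, the history depth, the quality rule and the choice to keep the quality rules enforced for administrators are assumptions.

```python
import hashlib
import hmac
import os

ADMIN_CAP = "Change Password Administrator"  # capability name taken from the thread
HISTORY_DEPTH = 3                             # assumed value for the reuse restriction


def _digest(password, salt):
    # Salted, slow hash so the history never holds clear-text passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)


def in_history(history, password):
    # history is a list of (salt, digest) pairs, oldest first.
    return any(hmac.compare_digest(_digest(password, s), d) for s, d in history)


def quality_ok(password):
    # Stand-in for the String Quality rules (assumed: 8+ characters and a digit).
    return len(password) >= 8 and any(c.isdigit() for c in password)


def change_password(user, new_password, actor_caps, audit):
    """Apply the policy; exempt only the reuse check, and only per call."""
    if not quality_ok(new_password):
        raise ValueError("string quality rules not met")
    waive = ADMIN_CAP in actor_caps          # scoped to this request, no global switch
    reused = in_history(user["history"], new_password)
    if reused and not waive:
        raise ValueError("password was used recently")
    salt = os.urandom(16)
    entry = (salt, _digest(new_password, salt))
    # The history is always appended to and trimmed, never cleared.
    user["history"] = (user["history"] + [entry])[-HISTORY_DEPTH:]
    audit.append({"user": user["name"], "admin_reset": waive,
                  "reuse_waived": reused and waive})
    return True
```

Because the exemption is decided per call from the caller's capabilities, no shared policy object is relaxed while other password changes are in flight, and each waived reuse check leaves an audit record.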