Description
We are currently testing version 2.0.6.
When I try to change a password, no password meets the policy.
I checked the NMAS password policy with the user debug tool for the same user, once with PWM version 1.8 and once with PWM > 2.0 (same PwmConfiguration.xml). The difference is that in version 1.8 the attribute "AllowNonAlpha" is readable and shown as "true" (as defined in the eDirectory policy), whereas with the program > 2.0 the attribute is not found (n/a) for the same user with the same password policy in eDirectory.
User Debug for 1.8
"publicUserInfoBean": {
"userDN": "cn=MMusterm,ou=RZ-TEST,o=HKI",
"ldapProfile": "default",
"userID": "MMusterm",
"userGUID": "cabccec36b8fb14e3382cabccec36b8f",
"userEmailAddress": "[email protected]",
"language": "en",
"passwordExpirationTime": "2023-08-10T12:10:15Z",
"passwordLastModifiedTime": "2023-07-11T12:10:15Z",
"lastLoginTime": "2023-07-12T10:02:47Z",
"requiresNewPassword": false,
"requiresResponseConfig": false,
"requiresUpdateProfile": false,
"requiresOtpConfig": false,
"requiresInteraction": false,
"passwordStatus": {
"expired": false,
"preExpired": false,
"violatesPolicy": false,
"warnPeriod": false
},
"passwordPolicy": {
"MinimumNonAlpha": "0",
"MaximumUpperCase": "0",
"MinimumLowerCase": "0",
"UniqueRequired": "TRUE",
"MaximumLength": "20",
"DisallowedValues": "",
"MinimumLifetime": "0",
"AllowLastCharNumeric": "TRUE",
"AllowNonAlpha": "TRUE",
"ExpirationInterval": "2592000",
"MaximumSequentialRepeat": "4",
"MinimumUpperCase": "1",
"DisallowedAttributes": "FullName\nGivenName\nSurname",
"ChangeMessage": "",
"MaximumNumeric": "0",
"AllowSpecial": "TRUE",
"MinimumNumeric": "2",
"AllowNumeric": "TRUE",
"MaximumSpecial": "0",
"AllowLastCharSpecial": "TRUE",
"MinimumLength": "8",
"AllowFirstCharNumeric": "TRUE",
"PolicyEnabled": "true",
"ADComplexityMaxViolations": "2",
"MinimumUnique": "4",
"CaseSensitive": "TRUE",
"AllowFirstCharSpecial": "TRUE",
"MinimumSpecial": "1",
"MaximumLowerCase": "0",
"MaximumNonAlpha": "0"
},
"passwordRules": [
"Password is case sensitive.",
"Must be at least 8 characters long.",
"Must be no more than 20 characters long.",
"Must include at least 2 numbers.",
"Must have at least 1 symbol (non letter or number) character.",
"Must not repeat any character sequentially more than 4 times.",
"Must have at least 1 uppercase letter.",
"Must have at least 4 unique characters.",
"Must not include part of your name or user name.",
"New password may not have been used previously."
]
},
"passwordReadable": true,
"passwordWithinMinimumLifetime": false,
"permissions": {
"PWMADMIN": "DENIED",
"CHANGE_PASSWORD": "GRANTED",
"ACTIVATE_USER": "DENIED",
"SETUP_RESPONSE": "GRANTED",
"GUEST_REGISTRATION": "DENIED",
"PEOPLE_SEARCH": "GRANTED",
"WEBSERVICE": "DENIED",
"WEBSERVICE_THIRDPARTY": "DENIED"
},
"ldapPasswordPolicy": {
"policyMap": {
"chai.pwrule.changeMessage": "",
"chai.pwrule.upper.min": "1",
"chai.pwrule.numeric.allow": "TRUE",
"chai.pwrule.disallowedValues": "",
"chai.pwrule.length.max": "20",
"chai.pwrule.nonalpha.allow": "TRUE",
"chai.pwrule.nonalpha.max": "0",
"chai.pwrule.disallowedAttributes": "FullName\nGivenName\nSurname",
"chai.pwrule.uniqueRequired": "TRUE",
"chai.pwrule.ADComplexity2008": "FALSE",
"chai.pwrule.sequentialRepeat.max": "4",
"chai.pwrule.lower.min": "0",
"chai.pwrule.special.max": "0",
"chai.pwrule.nonalpha.min": "0",
"chai.pwrule.numeric.allowLast": "TRUE",
"chai.pwrule.numeric.allowFirst": "TRUE",
"chai.pwrule.policyEnabled": "true",
"chai.pwrule.special.allow": "TRUE",
"chai.pwrule.expirationInterval": "2592000",
"chai.pwrule.special.min": "1",
"chai.pwrule.lower.max": "0",
"chai.pwrule.numeric.max": "0",
"chai.pwrule.ADComplexityMaxViolation": "2",
"chai.pwrule.upper.max": "0",
"chai.pwrule.numeric.min": "2",
"chai.pwrule.unique.min": "4",
"chai.pwrule.special.allowFirst": "TRUE",
"chai.pwrule.length.min": "8",
"chai.pwrule.special.allowLast": "TRUE",
"chai.pwrule.caseSensitive": "TRUE",
"chai.pwrule.lifetime.minimimum": "0"
}
},
"configuredPasswordPolicy": {
"policyMap": {
"password.policy.maximumAlpha": "0",
"chai.pwrule.repeat.max": "4",
"chai.pwrule.upper.min": "0",
"chai.pwrule.numeric.allow": "true",
"chai.pwrule.disallowedValues": "password\ntest",
"password.policy.disallowCurrent": "true",
"password.policy.regExMatch": "",
"chai.pwrule.length.max": "64",
"chai.pwrule.nonalpha.allow": "true",
"chai.pwrule.nonalpha.max": "0",
"password.policy.ADComplexityLevel": "NONE",
"password.policy.minimumStrength": "0",
"chai.pwrule.disallowedAttributes": "cn\ngivenName\nsn",
"password.policy.charGroup.minimumMatch": "0",
"chai.pwrule.sequentialRepeat.max": "4",
"password.policy.minimumAlpha": "0",
"chai.pwrule.lower.min": "0",
"chai.pwrule.special.max": "0",
"password.policy.allowMacroInRegexSetting": "true",
"chai.pwrule.numeric.allowLast": "true",
"chai.pwrule.nonalpha.min": "0",
"password.policy.charGroup.regExValues": ".[0-9]\n.[a-z]\n.[A-Z]\n.[^A-Za-z0-9]",
"chai.pwrule.numeric.allowFirst": "true",
"chai.pwrule.special.allow": "true",
"chai.pwrule.special.min": "1",
"chai.pwrule.lower.max": "0",
"chai.pwrule.numeric.max": "4",
"password.policy.checkWordlist": "true",
"chai.pwrule.ADComplexityMaxViolation": "2",
"chai.pwrule.upper.max": "0",
"chai.pwrule.numeric.min": "2",
"chai.pwrule.unique.min": "0",
"chai.pwrule.special.allowFirst": "true",
"chai.pwrule.length.min": "8",
"chai.pwrule.special.allowLast": "true",
"password.policy.maximumConsecutive": "0",
"password.policy.maximumOldPasswordChars": "1",
"chai.pwrule.lifetime.minimimum": "0",
"password.policy.regExNoMatch": ""
},
User debug for 2.0.6
"publicUserInfoBean": {
"userDN": "cn=MMusterm,ou=RZ-TEST,o=HKI",
"ldapProfile": "default",
"userID": "MMusterm",
"userGUID": "cabccec36b8fb14e3382cabccec36b8f",
"userEmailAddress": "[email protected]",
"language": "en",
"passwordExpirationTime": "2023-08-10T12:10:15Z",
"passwordLastModifiedTime": "2023-07-11T12:10:15Z",
"lastLoginTime": "2023-07-12T10:02:47Z",
"requiresNewPassword": false,
"requiresResponseConfig": false,
"requiresUpdateProfile": false,
"requiresOtpConfig": false,
"requiresInteraction": false,
"passwordStatus": {
"expired": false,
"preExpired": false,
"violatesPolicy": false,
"warnPeriod": false
},
"passwordPolicy": {
"MinimumNonAlpha": "0",
"MaximumUpperCase": "0",
"MinimumLowerCase": "0",
"UniqueRequired": "TRUE",
"MaximumLength": "20",
"DisallowedValues": "",
"MinimumLifetime": "0",
"AllowLastCharNumeric": "TRUE",
"AllowNonAlpha": "TRUE",
"ExpirationInterval": "2592000",
"MaximumSequentialRepeat": "4",
"MinimumUpperCase": "1",
"DisallowedAttributes": "FullName\nGivenName\nSurname",
"ChangeMessage": "",
"MaximumNumeric": "0",
"AllowSpecial": "TRUE",
"MinimumNumeric": "2",
"AllowNumeric": "TRUE",
"MaximumSpecial": "0",
"AllowLastCharSpecial": "TRUE",
"MinimumLength": "8",
"AllowFirstCharNumeric": "TRUE",
"PolicyEnabled": "true",
"ADComplexityMaxViolations": "2",
"MinimumUnique": "4",
"CaseSensitive": "TRUE",
"AllowFirstCharSpecial": "TRUE",
"MinimumSpecial": "1",
"MaximumLowerCase": "0",
"MaximumNonAlpha": "0"
},
"passwordRules": [
"Password is case sensitive.",
"Must be at least 8 characters long.",
"Must be no more than 20 characters long.",
"Must include at least 2 numbers.",
"Must have at least 1 symbol (non letter or number) character.",
"Must not repeat any character sequentially more than 4 times.",
"Must have at least 1 uppercase letter.",
"Must have at least 4 unique characters.",
"Must not include part of your name or user name.",
"New password may not have been used previously."
]
},
"passwordReadable": true,
"passwordWithinMinimumLifetime": false,
"permissions": {
"PWMADMIN": "DENIED",
"CHANGE_PASSWORD": "GRANTED",
"ACTIVATE_USER": "DENIED",
"SETUP_RESPONSE": "GRANTED",
"GUEST_REGISTRATION": "DENIED",
"PEOPLE_SEARCH": "GRANTED",
"WEBSERVICE": "DENIED",
"WEBSERVICE_THIRDPARTY": "DENIED"
},
"ldapPasswordPolicy": {
"policyMap": {
"chai.pwrule.changeMessage": "",
"chai.pwrule.upper.min": "1",
"chai.pwrule.numeric.allow": "TRUE",
"chai.pwrule.disallowedValues": "",
"chai.pwrule.length.max": "20",
"chai.pwrule.nonalpha.allow": "TRUE",
"chai.pwrule.nonalpha.max": "0",
"chai.pwrule.disallowedAttributes": "FullName\nGivenName\nSurname",
"chai.pwrule.uniqueRequired": "TRUE",
"chai.pwrule.ADComplexity2008": "FALSE",
"chai.pwrule.sequentialRepeat.max": "4",
"chai.pwrule.lower.min": "0",
"chai.pwrule.special.max": "0",
"chai.pwrule.nonalpha.min": "0",
"chai.pwrule.numeric.allowLast": "TRUE",
"chai.pwrule.numeric.allowFirst": "TRUE",
"chai.pwrule.policyEnabled": "true",
"chai.pwrule.special.allow": "TRUE",
"chai.pwrule.expirationInterval": "2592000",
"chai.pwrule.special.min": "1",
"chai.pwrule.lower.max": "0",
"chai.pwrule.numeric.max": "0",
"chai.pwrule.ADComplexityMaxViolation": "2",
"chai.pwrule.upper.max": "0",
"chai.pwrule.numeric.min": "2",
"chai.pwrule.unique.min": "4",
"chai.pwrule.special.allowFirst": "TRUE",
"chai.pwrule.length.min": "8",
"chai.pwrule.special.allowLast": "TRUE",
"chai.pwrule.caseSensitive": "TRUE",
"chai.pwrule.lifetime.minimimum": "0"
}
},
"configuredPasswordPolicy": {
"policyMap": {
"password.policy.maximumAlpha": "0",
"chai.pwrule.repeat.max": "4",
"chai.pwrule.upper.min": "0",
"chai.pwrule.numeric.allow": "true",
"chai.pwrule.disallowedValues": "password\ntest",
"password.policy.disallowCurrent": "true",
"password.policy.regExMatch": "",
"chai.pwrule.length.max": "64",
"chai.pwrule.nonalpha.allow": "true",
"chai.pwrule.nonalpha.max": "0",
"password.policy.ADComplexityLevel": "NONE",
"password.policy.minimumStrength": "0",
"chai.pwrule.disallowedAttributes": "cn\ngivenName\nsn",
"password.policy.charGroup.minimumMatch": "0",
"chai.pwrule.sequentialRepeat.max": "4",
"password.policy.minimumAlpha": "0",
"chai.pwrule.lower.min": "0",
"chai.pwrule.special.max": "0",
"password.policy.allowMacroInRegexSetting": "true",
"chai.pwrule.numeric.allowLast": "true",
"chai.pwrule.nonalpha.min": "0",
"password.policy.charGroup.regExValues": ".[0-9]\n.[a-z]\n.[A-Z]\n.[^A-Za-z0-9]",
"chai.pwrule.numeric.allowFirst": "true",
"chai.pwrule.special.allow": "true",
"chai.pwrule.special.min": "1",
"chai.pwrule.lower.max": "0",
"chai.pwrule.numeric.max": "4",
"password.policy.checkWordlist": "true",
"chai.pwrule.ADComplexityMaxViolation": "2",
"chai.pwrule.upper.max": "0",
"chai.pwrule.numeric.min": "2",
"chai.pwrule.unique.min": "0",
"chai.pwrule.special.allowFirst": "true",
"chai.pwrule.length.min": "8",
"chai.pwrule.special.allowLast": "true",
"password.policy.maximumConsecutive": "0",
"password.policy.maximumOldPasswordChars": "1",
"chai.pwrule.lifetime.minimimum": "0",
"password.policy.regExNoMatch": ""
},