How to add a check on password policy step in LCM Manage Password

Which IIQ version are you inquiring about?

Version 8.3

Share all details related to your problem, including any error messages you may have received.

Hello community!!!

I need a suggestion on this problem. I am having to customize the LCM Manage password and add a step to verify the global password policy set in Global Settings > IdentityIQ Configuration > Password.
This is because for some issues we cannot set the password policy on every target on which we will propagate password changes.
Professional Services directed me down this path by pointing me to these 2 links to get info:

https://community.sailpoint.com/t5/Technical-White-Papers/IdentityIQ-REST-API-Integration/ta-p/76814#toc-hId-1674832279

https://community.sailpoint.com/t5/IdentityIQ-Forum/An-API-That-Checks-if-Password-Matches-Password-Policy/m-p/50438#M48761

Has anyone ever made this change to the LCM Manage Password?

Thank you.

Damiano

I would suggest making a new workflow, let’s call it ‘LCM Manage Passwords Launcher’, which would have 2 steps:

  • 1 in which you can inspect the provisioning plan to verify the password
  • 2 in which you start ‘LCM Manage Passwords’ as a sub workflow and pass the plan to it.

You will additionally have to change the workflow in the LCM configuration.

Hello,

Thank you for your reply! It seems like a better solution to me than editing the existing LCM Manage Password. However, I am still left with the question on how to perform the check on the password policy, do you have any suggestions on this?

In the step you can just make something like that

import sailpoint.api.PasswordPolice;
import sailpoint.api.PasswordPolicyException;
import sailpoint.object.Identity;
import sailpoint.object.PasswordPolicy;

// Name of the PasswordPolicy object to check against
String policyName = "123";
PasswordPolicy policy = context.getObject(PasswordPolicy.class, policyName);
Boolean correctPassword = false;
try {
    // Throws PasswordPolicyException when the password violates the policy
    PasswordPolice.checkPassword(identity, policy, password, identity.getPasswordHistory());
    correctPassword = true;
} catch (PasswordPolicyException e) {
    correctPassword = false;
}

With the assumption that identity and password are already available variables - if not, you have to calculate (get) them in the step.

@dapuccina I would suggest creating a copy of the LCM Manage Password WF and adding the logic in the start step; in this case you only need to update it during an upgrade. The upgrade will not update it by default.

You should have identityName, launcher, plan. In the plan you will get the accountRequest, where you get the password (you need to decrypt it while calling the PasswordPolice method).

I would say try to use the PasswordPolice → checkPasswordWithHistory method.

Hi! Thank you for the suggestion. I am following this line. When I use checkPassword it works correctly. When I use checkPasswordWithHistory I encounter this error:

An unexpected error occurred: Error in method invocation: Method checkPasswordWithHistory(sailpoint.object.Identity, java.lang.String, boolean) not found in class’sailpoint.api.PasswordPolice’ : at Line: 27

Has this ever happened to you? The imports I entered are these:

import sailpoint.api.PasswordPolice;
import sailpoint.object.Identity;
import java.util.Iterator;

@dapuccina

Just one correction needed,

checkPasswordWithHistory(Link, password, boolean); It has Link not identity.

Thank you for your suggestion! I followed this, though instead of setting the script in the “START” I created a step right after and that works!
Thank you very much!
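
Added example, not code from any poster in this thread or from SailPoint: one way the check step of the launcher workflow could look as a BeanShell step script. It assumes the workflow variables identityName and plan mentioned above, a PasswordPolice(context) constructor, and the checkPassword(Identity, String, boolean) form implied by the error message in the thread; the violations list and the step itself are hypothetical.

```java
// Added example: BeanShell body for a hypothetical "Check Password Policy" step.
// Assumed in scope: context, plus the workflow variables identityName and plan.
import java.util.ArrayList;
import java.util.List;
import sailpoint.api.PasswordPolice;
import sailpoint.api.PasswordPolicyException;
import sailpoint.object.Identity;
import sailpoint.object.ProvisioningPlan;
import sailpoint.object.ProvisioningPlan.AccountRequest;
import sailpoint.object.ProvisioningPlan.AttributeRequest;

List violations = new ArrayList();   // hypothetical result variable
Identity identity = context.getObjectByName(Identity.class, identityName);
if (identity == null) {
    violations.add("Unknown identity: " + identityName);
    return violations;
}

// Assumption: instance API, constructed from the current context.
PasswordPolice police = new PasswordPolice(context);

List requests = (plan != null) ? plan.getAccountRequests() : null;
if (requests != null) {
    for (AccountRequest acct : requests) {
        AttributeRequest pwReq = acct.getAttributeRequest(ProvisioningPlan.ATT_PASSWORD);
        if (pwReq == null || pwReq.getValue() == null) {
            continue;   // this account request does not change a password
        }
        // The plan carries the password encrypted. Keep the clear text in a
        // local variable only: never log it or store it in a workflow variable.
        String clear = context.decrypt(pwReq.getValue().toString());
        try {
            // Assumption: false = requester is not a system administrator,
            // so the policy is enforced.
            police.checkPassword(identity, clear, false);
        } catch (PasswordPolicyException e) {
            // Report the target and the policy message, never the password.
            violations.add(acct.getApplication() + ": " + e.getMessage());
        } finally {
            clear = null;
        }
    }
}
// Empty list = every requested password passed; the launcher can then start
// 'LCM Manage Passwords' as the sub workflow.
return violations;
```

A transition out of this step can test whether the returned list is empty before handing the plan to the sub workflow.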
