Password Policy still generating special characters even when restricted to alphanumeric only

Which IIQ version are you inquiring about?

8.3

Share all details about your problem, including any error messages you may have received.

Hi Team,

I am facing an issue with password generation in IdentityIQ.

I have configured a policy where min length = 8, max length = 13, and no special characters. Only alphanumeric characters are allowed.

But even with this configuration, IdentityIQ is still generating passwords that include special characters.

Is there any additional setting, rule or system configuration required to fully restrict password generation to alphanumeric only?

Any help would be appreciated.

Thanks!

Did you verify from debug that it contains all the options you configured? Also, please clear caches, restart the servers once, and give it a try.

I have also verified it from debug. I also checked the available properties in the policy configuration. The related property I found is minimumSpecialCharacters. I tried two approaches:

  1. Keeping it blank
  2. Setting minimumSpecialCharacters=0

However, in both cases the generated password still includes special characters.

Can you please share the password policy XML? I will try to see what is causing it. I can fix it in my demo environment.

Hi Naveen,

I have added values to the below properties only:

passwordMaxLength = "13";

passwordMinLength = "8";

passwordMinAlpha = "1";

passwordMinNumeric = "1";

Other properties are only declared, not defined with values.

I am using a FieldValue rule to generate a password, which uses this policy and generates a password using passwordGenerator.

It is still including special characters. Do we have any solution for this?

I think you have to look at it differently. You’ll need to configure a 13 min length password and a combination of alpha/numerics to get to 13, e.g. 9 min alphas and 4 min numerics.

This is what I have in a PasswordPolicy object:

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE PasswordPolicy PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<PasswordPolicy name="My Password Policy">
  <PasswordConstraints>
    <Map>
      <entry key="checkCaseSensitive">
        <value>
          <Boolean></Boolean>
        </value>
      </entry>
      <entry key="checkPasswordAgainstAccountID">
        <value>
          <Boolean></Boolean>
        </value>
      </entry>
      <entry key="checkPasswordAgainstDisplayName">
        <value>
          <Boolean></Boolean>
        </value>
      </entry>
      <entry key="checkPasswordTriviality">
        <value>
          <Boolean></Boolean>
        </value>
      </entry>
      <entry key="checkPasswordsAgainstAccountAttributes">
        <value>
          <Boolean></Boolean>
        </value>
      </entry>
      <entry key="checkPasswordsAgainstDictionary">
        <value>
          <Boolean></Boolean>
        </value>
      </entry>
      <entry key="checkPasswordsAgainstIdentityAttributes">
        <value>
          <Boolean></Boolean>
        </value>
      </entry>
      <entry key="minAccountIDUniqueChars"/>
      <entry key="minDisplayNameUniqueChars"/>
      <entry key="minHistoryUniqueChars"/>
      <entry key="passwordHistory"/>
      <entry key="passwordMaxLength" value="13"/>
      <entry key="passwordMinAlpha" value="9"/>
      <entry key="passwordMinCharType"/>
      <entry key="passwordMinLength"/>
      <entry key="passwordMinLower"/>
      <entry key="passwordMinNumeric" value="4"/>
      <entry key="passwordMinSpecial"/>
      <entry key="passwordMinUpper"/>
      <entry key="passwordRepeatedChar"/>
    </Map>
  </PasswordConstraints>
</PasswordPolicy>

In a rule I’m calling this to test:

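import java.util.ArrayList;
import java.util.List;
import sailpoint.api.*;
import sailpoint.object.PasswordPolicy;

// Look up the policy object by name
String policyName = "My Password Policy";
PasswordPolicy policy = context.getObjectByName(PasswordPolicy.class, policyName);
List passwords = new ArrayList();

// Generate ten sample passwords from the policy
for (int x = 0; x < 10; x++) {
  passwords.add(new PasswordGenerator(context).generatePassword(policy));
}

return passwords;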

Output:

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE List PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<List>
  <String>9s5n6swW2RdJW</String>
  <String>1FNOw9sg1G3mD</String>
  <String>GzE1DY57Cv4fW</String>
  <String>sVyk6tgWYQ459</String>
  <String>4sPGiY29Ji4BK</String>
  <String>4sCX2xUZX83Pa</String>
  <String>YM90dpW7fm7Wm</String>
  <String>k5cnvH3Bh1sV9</String>
  <String>eb1SeP692vlGU</String>
  <String>smp8wO7USd93l</String>
</List>

Run that a few times and it consistently gave me a 13 length password with 9 alphas and 4 numbers but most importantly no special chars.

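An offline check of the point made in the post above, as an added example (not code from the thread or from SailPoint): it reads an exported PasswordPolicy XML and counts the positions that no alpha or numeric minimum claims, assuming, as the thread suggests, that those are the positions where the generator is free to pick any character class. The function names and the sample policy are constructed for illustration, and the block goes slightly beyond the post by also flagging non-alphanumeric characters in a list of generated passwords.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the asker's values (max 13, min 8, 1 alpha, 1 numeric)
# written in the PasswordPolicy XML layout shown in the answer above.
ASKER_POLICY = """<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE PasswordPolicy PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<PasswordPolicy name="Constructed Example">
  <PasswordConstraints>
    <Map>
      <entry key="passwordMaxLength" value="13"/>
      <entry key="passwordMinLength" value="8"/>
      <entry key="passwordMinAlpha" value="1"/>
      <entry key="passwordMinNumeric" value="1"/>
      <entry key="passwordMinSpecial"/>
    </Map>
  </PasswordConstraints>
</PasswordPolicy>"""

def constraints(policy_xml):
    """Map constraint key -> int for every <entry> that carries a numeric value."""
    found = {}
    for entry in ET.fromstring(policy_xml).iter("entry"):
        value = (entry.get("value") or "").strip()
        if value.isdigit():  # valueless entries such as passwordMinSpecial are skipped
            found[entry.get("key")] = int(value)
    return found

def unclaimed_positions(policy_xml):
    """Positions in a maximum-length password not reserved by an alpha or numeric minimum."""
    c = constraints(policy_xml)
    if "passwordMaxLength" not in c:
        raise ValueError("policy has no passwordMaxLength")
    return c["passwordMaxLength"] - c.get("passwordMinAlpha", 0) - c.get("passwordMinNumeric", 0)

def non_alphanumeric(passwords):
    """Return {password: [offending chars]} for passwords that are not ASCII alphanumeric."""
    bad = {}
    for pw in passwords:
        chars = [ch for ch in pw if not (ch.isascii() and ch.isalnum())]
        if chars:
            bad[pw] = chars
    return bad

if __name__ == "__main__":
    print("unclaimed positions:", unclaimed_positions(ASKER_POLICY))
    # First value is taken from the output above; the second is constructed.
    print(non_alphanumeric(["9s5n6swW2RdJW", "aB3$x_9Qz"]))
```

A result of 0 from `unclaimed_positions` corresponds to the 9 alpha plus 4 numeric policy in the post; any positive value means the policy leaves positions without a reserved character class.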

Can you share the XML from debug, please?

Go to Debug → System Configuration and check this entry:
<entry key="passwordSpecialCharacters" value="~!@#$%^*_+-={}\\][:;?,."/>

Hi @santhirajumunganda,

I checked; this entry is present in the system configuration.

Did you try by removing all the values from it?
