Description:
JIT provisioning of federated users fails when the default password policy is enabled.

Steps to Reproduce
1. Get APIM 4.1 and configure the IDP by following this documentation [1].
2. Go to the Resident Identity Provider, expand Password Policies and tick "Validate passwords based on a policy pattern". Then define the password policy below (it seems like this is the default policy):
   ^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[#$^+=!*()@%&]).{12,16}$
3. Create a user on the IS side and try to log in to the devportal. You'll see the password validation issue:

Caused by: org.wso2.carbon.identity.mgt.policy.PolicyViolationException: 'Password pattern policy violated. Password should contain a digit[0-9], a lower case letter[a-z], an upper case letter[A-Z], one of !@#$%&* characters'
at org.wso2.carbon.identity.mgt.policy.PolicyRegistry.enforcePasswordPolicies(PolicyRegistry.java:39) ~[org.wso2.carbon.identity.mgt_5.18.248.jar:?]
at org.wso2.carbon.identity.password.policy.handler.PasswordPolicyValidationHandler.handleEvent(PasswordPolicyValidationHandler.java:166) ~[org.wso2.carbon.identity.password.policy_1.4.100.jar:?]
at org.wso2.carbon.identity.event.services.IdentityEventServiceImpl.handleEvent(IdentityEventServiceImpl.java:56) ~[org.wso2.carbon.identity.event_5.18.248.jar:?]
at org.wso2.carbon.identity.governance.listener.IdentityMgtEventListener.handleEvent(IdentityMgtEventListener.java:1693) ~[org.wso2.carbon.identity.governance_1.4.100.3.jar:?]
at org.wso2.carbon.identity.governance.listener.IdentityMgtEventListener.handleEvent(IdentityMgtEventListener.java:1669) ~[org.wso2.carbon.identity.governance_1.4.100.3.jar:?]
at org.wso2.carbon.identity.governance.listener.IdentityMgtEventListener.handleEvent(IdentityMgtEventListener.java:1657) ~[org.wso2.carbon.identity.governance_1.4.100.3.jar:?]
at org.wso2.carbon.identity.governance.listener.IdentityMgtEventListener.doPreAddUser(IdentityMgtEventListener.java:202) ~[org.wso2.carbon.identity.governance_1.4.100.3.jar:?]
at org.wso2.carbon.user.core.common.AbstractUserStoreManager.addUser(AbstractUserStoreManager.java:4846) ~[org.wso2.carbon.user.core_4.6.3.5.jar:?]
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:?]
at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
at org.wso2.carbon.user.core.common.AbstractUserStoreManager$2.run(AbstractUserStoreManager.java:205) ~[org.wso2.carbon.user.core_4.6.3.5.jar:?]
at java.security.AccessController.doPrivileged(Native Method) ~[?:?]
at org.wso2.carbon.user.core.common.AbstractUserStoreManager.callSecure(AbstractUserStoreManager.java:202) ~[org.wso2.carbon.user.core_4.6.3.5.jar:?]
at org.wso2.carbon.user.core.common.AbstractUserStoreManager.addUser(AbstractUserStoreManager.java:4695) ~[org.wso2.carbon.user.core_4.6.3.5.jar:?]
at org.wso2.carbon.user.core.common.AbstractUserStoreManager.addUser(AbstractUserStoreManager.java:4681) ~[org.wso2.carbon.user.core_4.6.3.5.jar:?]
at org.wso2.carbon.identity.application.authentication.framework.handler.provisioning.impl.DefaultProvisioningHandler.handle(DefaultProvisioningHandler.java:206) ~[org.wso2.carbon.identity.application.authentication.framework_5.18.248.7.jar:?]
[1] https://apim.docs.wso2.com/en/latest/install-and-setup/setup/sso/configuring-identity-server-as-external-idp-using-oidc/#step-2-configure-the-service-provider
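The stack trace shows the user store's password-policy handler rejecting the password that JIT provisioning hands to addUser. As an added illustration (not WSO2's code), the Python below checks candidates against the exact pattern from this issue, shows a generator that satisfies the pattern by construction, and runs the same check before provisioning so a violation surfaces early; the naive generator is a constructed stand-in for a policy-unaware generator, not what DefaultProvisioningHandler actually does.

```python
import re
import secrets
import string

# The policy pattern from the issue, with the markdown-eaten asterisks restored.
POLICY_PATTERN = r"^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[#$^+=!*()@%&]).{12,16}$"
SPECIAL_CHARS = "#$^+=!*()@%&"  # same set as the pattern's character class
_policy = re.compile(POLICY_PATTERN)


def matches_policy(password: str) -> bool:
    """True if the password satisfies the configured pattern, i.e. what the
    policy handler effectively checks when addUser fires doPreAddUser."""
    return _policy.fullmatch(password) is not None


def naive_provisioning_password() -> str:
    """Constructed stand-in for a generator that ignores the policy: 16 hex
    characters contain only lowercase letters and digits, so the uppercase
    and special-character lookaheads can never be satisfied."""
    return secrets.token_hex(8)


def policy_compliant_password(length: int = 16) -> str:
    """Random password that satisfies the pattern by construction: one char
    from each required class, the rest drawn from their union, then shuffled."""
    if not 12 <= length <= 16:
        raise ValueError("the pattern only accepts lengths 12-16")
    classes = [string.ascii_lowercase, string.ascii_uppercase,
               string.digits, SPECIAL_CHARS]
    chars = [secrets.choice(c) for c in classes]
    pool = "".join(classes)
    chars += [secrets.choice(pool) for _ in range(length - len(chars))]
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


def provision_password(length: int = 16) -> str:
    """What a provisioning step should do: generate, then run the same check
    the user store will run, so a mismatch is reported here instead of as a
    PolicyViolationException deep inside addUser."""
    candidate = policy_compliant_password(length)
    if not matches_policy(candidate):
        raise RuntimeError("generated password violates the configured policy")
    return candidate


if __name__ == "__main__":
    print("naive generator passes policy:", matches_policy(naive_provisioning_password()))  # False
    print("compliant generator passes policy:", matches_policy(provision_password()))       # True
```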
Affected Component
APIM
Version
4.1.0