wso2 / api-manager

All issues, tasks, improvements and new features of WSO2 API Manager
Apache License 2.0

Unable to JIT provisioning users when enabling password validation #2286

Closed WathsalaKoralege closed 9 months ago

WathsalaKoralege commented 11 months ago

Description

Description: JIT provisioning of federated users fails when the default password policy is enabled.

Steps to Reproduce

  1. Get APIM 4.1 and configure IDP by following this documentation [1].

  2. Then go to the Resident Identity providers, and expand the Password Policies and tick the Validate passwords based on a policy pattern. Then define the below password policy (it seems like this is the default policy).

^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[#$^+=!*()@%&]).{12,16}$

Then create a user from the IS side and try to log in to the devportal. You’ll see the password validation issue.

Caused by: org.wso2.carbon.identity.mgt.policy.PolicyViolationException: 'Password pattern policy violated. Password should contain a digit[0-9], a lower case letter[a-z], an upper case letter[A-Z], one of !@#$%&* characters'
at org.wso2.carbon.identity.mgt.policy.PolicyRegistry.enforcePasswordPolicies(PolicyRegistry.java:39) ~[org.wso2.carbon.identity.mgt_5.18.248.jar:?]
at org.wso2.carbon.identity.password.policy.handler.PasswordPolicyValidationHandler.handleEvent(PasswordPolicyValidationHandler.java:166) ~[org.wso2.carbon.identity.password.policy_1.4.100.jar:?]
at org.wso2.carbon.identity.event.services.IdentityEventServiceImpl.handleEvent(IdentityEventServiceImpl.java:56) ~[org.wso2.carbon.identity.event_5.18.248.jar:?]
at org.wso2.carbon.identity.governance.listener.IdentityMgtEventListener.handleEvent(IdentityMgtEventListener.java:1693) ~[org.wso2.carbon.identity.governance_1.4.100.3.jar:?]
at org.wso2.carbon.identity.governance.listener.IdentityMgtEventListener.handleEvent(IdentityMgtEventListener.java:1669) ~[org.wso2.carbon.identity.governance_1.4.100.3.jar:?]
at org.wso2.carbon.identity.governance.listener.IdentityMgtEventListener.handleEvent(IdentityMgtEventListener.java:1657) ~[org.wso2.carbon.identity.governance_1.4.100.3.jar:?]
at org.wso2.carbon.identity.governance.listener.IdentityMgtEventListener.doPreAddUser(IdentityMgtEventListener.java:202) ~[org.wso2.carbon.identity.governance_1.4.100.3.jar:?]
at org.wso2.carbon.user.core.common.AbstractUserStoreManager.addUser(AbstractUserStoreManager.java:4846) ~[org.wso2.carbon.user.core_4.6.3.5.jar:?]
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:?]
at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
at org.wso2.carbon.user.core.common.AbstractUserStoreManager$2.run(AbstractUserStoreManager.java:205) ~[org.wso2.carbon.user.core_4.6.3.5.jar:?]
at java.security.AccessController.doPrivileged(Native Method) ~[?:?]
at org.wso2.carbon.user.core.common.AbstractUserStoreManager.callSecure(AbstractUserStoreManager.java:202) ~[org.wso2.carbon.user.core_4.6.3.5.jar:?]
at org.wso2.carbon.user.core.common.AbstractUserStoreManager.addUser(AbstractUserStoreManager.java:4695) ~[org.wso2.carbon.user.core_4.6.3.5.jar:?]
at org.wso2.carbon.user.core.common.AbstractUserStoreManager.addUser(AbstractUserStoreManager.java:4681) ~[org.wso2.carbon.user.core_4.6.3.5.jar:?]
at org.wso2.carbon.identity.application.authentication.framework.handler.provisioning.impl.DefaultProvisioningHandler.handle(DefaultProvisioningHandler.java:206) ~[org.wso2.carbon.identity.application.authentication.framework_5.18.248.7.jar:?]

[1] https://apim.docs.wso2.com/en/latest/install-and-setup/setup/sso/configuring-identity-server-as-external-idp-using-oidc/#step-2-configure-the-service-provider

Affected Component

APIM

Version

4.1.0

Environment Details (with versions)

No response

Relevant Log Output

No response

Related Issues

No response

Suggested Labels

No response
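
The stack trace above shows DefaultProvisioningHandler calling addUser, where the pre-add listener enforces the policy pattern on the password supplied for the provisioned account. The following is an added example (not code from WSO2 or from the linked fix) that checks constructed sample values against the pattern from step 2, written with its `.*` quantifiers, and shows a hypothetical generator that always satisfies it. The class and method names are assumptions.

```java
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.regex.Pattern;

public class JitPasswordPolicyCheck {
    // Policy pattern from step 2 of the issue, with its ".*" quantifiers.
    static final Pattern POLICY = Pattern.compile(
        "^(?=.*[a-z])(?=.*[A-Z])(?=.*\\d)(?=.*[#$^+=!*()@%&]).{12,16}$");

    static final String LOWER = "abcdefghijklmnopqrstuvwxyz";
    static final String UPPER = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
    static final String DIGIT = "0123456789";
    static final String SPECIAL = "#$^+=!*()@%&";
    static final SecureRandom RNG = new SecureRandom();

    static char pick(String alphabet) {
        return alphabet.charAt(RNG.nextInt(alphabet.length()));
    }

    // Hypothetical generator: one character from each required class,
    // the rest from the full alphabet, then a CSPRNG-driven shuffle.
    static String generateCompliant(int length) {
        if (length < 12 || length > 16) {
            throw new IllegalArgumentException("policy requires 12 to 16 characters");
        }
        List<Character> chars = new ArrayList<>();
        chars.add(pick(LOWER));
        chars.add(pick(UPPER));
        chars.add(pick(DIGIT));
        chars.add(pick(SPECIAL));
        String all = LOWER + UPPER + DIGIT + SPECIAL;
        while (chars.size() < length) {
            chars.add(pick(all));
        }
        Collections.shuffle(chars, RNG);
        StringBuilder sb = new StringBuilder(length);
        for (char c : chars) sb.append(c);
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed samples: no special character, over-length, and a generated value.
        String[] samples = {"q7Hn2kPz9LmX", "Aa1!Aa1!Aa1!Aa1!Aa1!", generateCompliant(14)};
        for (String s : samples) {
            // Print only the length and the verdict, never the candidate itself.
            System.out.printf("length=%d compliant=%b%n", s.length(), POLICY.matcher(s).matches());
        }
    }
}
```

The first two samples fail the policy (no character from the special set, and longer than 16 characters); the generated value passes.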

YasasRangika commented 9 months ago

Public fix: https://github.com/wso2/carbon-identity-framework/pull/3330/files has already been merged.