I am working on a custom OIG password management requirement for a client.

I am facing an issue while validating the password history in the policy definition (e.g. shouldn't match the last 5 passwords used).

For some reason, PasswordMgmtService API's validatePasswordAgainstPolicy method is bypassing the history validation and returning true if user enters any old password.

Below is the code snippet for reference.

    public ValidationResult validatePasswordRACFPolicy(String loggedinUserKey, char[] userPassword)
    {
        PasswordMgmtService pwdMgmtSvc = oimClient.getService(PasswordMgmtService.class);
        User usr = new User(loggedinUserKey); // loggedinUserKey is the user key of the logged-in user
        ValidationResult valResult = pwdMgmtSvc.validatePasswordAgainstPolicy(userPassword, usr, <App Instance Name>, Locale.getDefault());
        // This value is true even if the user tries to reset the password using any older password.
        IDMLOGGER.log(ODLLevel.FINEST, "Is Password Valid = " + valResult.isPasswordValid());
        return valResult;
    }

Eventually, I end up with an exception when I try to update the account password on the target.

    provSvc.changeAccountPassword(Long.valueOf(accountId), userPassword);
    // provSvc is the ProvisioningService API object, accountId is the oiu_key, userPassword is the password entered by the user.

Here are the exception details:

    GenericProvisioningException An error occurred in oracle.iam.provisioning.handlers.ChangeAccountPasswordActionHandler/execute while changing the password for account with id 1234 and the casue of error is {2}.[[
        at oracle.iam.provisioning.util.ProvisioningUtil.createEventFailedException(ProvisioningUtil.java:175)
        at oracle.iam.provisioning.handlers.ChangeAccountPasswordActionHandler.execute(ChangeAccountPasswordActionHandler.java:84
    ...
    ...
    Class/Method: tcOrderItemInfo/validatePassword Error : Password Does Not Satisfy Policy

Chaitanya K
  • Can you post the exception details? – Chaitanya K Dec 12 '16 at 11:38
  • GenericProvisioningException An error occurred in oracle.iam.provisioning.handlers.ChangeAccountPasswordActionHandler/execute while changing the password for account with id 1234 and the casue of error is {2}.[[ at oracle.iam.provisioning.util.ProvisioningUtil.createEventFailedException(ProvisioningUtil.java:175) at oracle.iam.provisioning.handlers.ChangeAccountPasswordActionHandler.execute(ChangeAccountPasswordActionHandler.java:84 ... ... Class/Method: tcOrderItemInfo/validatePassword Error : Password Does Not Satisfy Policy – Praveen Kumar Dec 12 '16 at 11:58
  • Can you point me to the URL of the APIs you are using? Is it 11GR2PS3? I see your method takes `app instance name` as input, which I could not find in the APIs – Chaitanya K Dec 12 '16 at 12:00
  • `clientLogin.getPasswordMgmtService()`: also, I would like to know, `clientLogin` is an object of which class? – Chaitanya K Dec 12 '16 at 12:02
  • Password Management Service API URL: https://docs.oracle.com/cd/E52734_01/oim/OMJAV/oracle/iam/passwordmgmt/api/PasswordMgmtService.html#validatePasswordAgainstPolicy_char____oracle_iam_identity_usermgmt_vo_User__java_lang_String__java_util_Locale_ – Praveen Kumar Dec 12 '16 at 12:10
  • clientLogin is an object of oracle.iam.platform.OIMClient – Praveen Kumar Dec 12 '16 at 12:11
  • Actually I am trying to run the same code standalone, but it's saying "The method getPasswordMgmtService() is undefined for the type OIMClient". I think I need to use its `getService()` method? – Chaitanya K Dec 12 '16 at 12:21
  • As per the documentation, `appInstance - name the application instance name to be provisioned`. So are you provisioning this application instance and changing the password for the account? – Chaitanya K Dec 12 '16 at 12:23
  • I am sorry for the confusion; getPasswordMgmtService is a method in my utility class, please ignore that. Updated the code in the question to clear things up. appInstance - it doesn't mean the app instance is provisioned first and then the password. It means that for that app instance (target system) the change password has to be provisioned. – Praveen Kumar Dec 12 '16 at 12:29
  • @PraveenKumar Did you create the password policy accordingly and attach it to the application instance which you are passing to the validatePasswordAgainstPolicy method? – Kunal Varpe Dec 14 '16 at 10:15

0 Answers