ForgeRock Identity Platform
Does not apply to Identity Cloud

Forgotten password reset or password change fails with Minimum password length is 8 error in AM (All versions)

Last updated Jan 16, 2023

The purpose of this article is to provide assistance if the forgotten password reset or password change fails with a "Minimum password length is 8." error in AM. This includes forgotten password resets made via the REST API user self-service functionality and can occur even if DS does not have a minimum password length specified.

1 reader recommends this article


The following response is received when changing a user's password using the REST API:

{"code":400,"reason":"Bad Request","message":"Minimum password length is 8."}

An error similar to the following is shown in the CoreSystem log:

frRest:03/23/2015 12:21:47:014 PM EST: Thread[http-/,5,main] Validated token with ID, /yYP00ugcvJhNAnaPT4qUV+aJ+M=, in realm, /internal against GlJuGh/4ZqIlJe8Qew4JOjWPMuc= amIdentityServices:02/23/2015 12:37:20:023 PM EST: Thread[http-/,5,main] ********************************************** amIdentityServices:03/23/2015 12:21:47:023 PM EST: Thread[http-/,5,main] ERROR: IdentityServicesImpl:update Message:Minimum password length is 8. at com.sun.identity.idm.server.IdRepoAttributeValidatorImpl.validateAttributes( at com.sun.identity.idm.server.IdServicesImpl.setAttributes( at com.sun.identity.idm.server.IdCachedServicesImpl.setAttributes( at at com.sun.identity.idsvcs.opensso.IdentityServicesImpl.update( at org.forgerock.openam.forgerockrest.IdentityResourceV2.updateInstance( at org.forgerock.openam.forgerockrest.IdentityResourceV2.anonymousUpdate( at org.forgerock.openam.forgerockrest.IdentityResourceV2.actionCollection( at org.forgerock.json.resource.Resources$CollectionHandler.handleAction( at org.forgerock.json.resource.Router.handleAction( at org.forgerock.json.resource.VersionRouter$VersionRouterImpl.handleAction( at org.forgerock.json.resource.Router.handleAction( at org.forgerock.json.resource.VersionRouter.handleAction( at [...] frRest:02/23/2015 12:37:20:024 PM EST: Thread[http-/,5,main] ERROR: IdentityResource.updateInstance() :: Cannot UPDATE! com.sun.identity.idsvcs.GeneralFailure: Minimum password length is 8.

Recent Changes

Implemented the user self-service functionality to reset forgotten passwords.


The minimum password length is a data store setting that applies to password changes and is independent of any password length restrictions in DS. When a new password with less than 8 characters (default minimum password length) is specified, the forgotten password reset or password change fails.


This issue can be resolved by ensuring all users comply with the minimum password length or by adjusting the minimum password length required.

See How do I change the data store minimum password length in AM (All versions) using Amster or ssoadm? for further information.

See Also

How do I change the data store minimum password length in AM (All versions) using Amster or ssoadm?

Change Passwords

Related Training


Related Issue Tracker IDs


Copyright and Trademarks Copyright © 2023 ForgeRock, all rights reserved.