Forgotten password reset or password change fails with Minimum password length is 8 error in AM (All versions)
The purpose of this article is to provide assistance if the forgotten password reset or password change fails with a "Minimum password length is 8." error in AM. This includes forgotten password resets made via the REST API user self-service functionality and can occur even if DS does not have a minimum password length specified.
1 reader recommends this article
Symptoms
The following response is received when changing a user's password using the REST API:
{"code":400,"reason":"Bad Request","message":"Minimum password length is 8."}An error similar to the following is shown in the CoreSystem log:
frRest:03/23/2015 12:21:47:014 PM EST: Thread[http-/192.168.48.10:8080-1,5,main] Validated token with ID, /yYP00ugcvJhNAnaPT4qUV+aJ+M=, in realm, /internal against GlJuGh/4ZqIlJe8Qew4JOjWPMuc= amIdentityServices:02/23/2015 12:37:20:023 PM EST: Thread[http-/192.168.48.10:8080-1,5,main] ********************************************** amIdentityServices:03/23/2015 12:21:47:023 PM EST: Thread[http-/192.168.48.10:8080-1,5,main] ERROR: IdentityServicesImpl:update Message:Minimum password length is 8. at com.sun.identity.idm.server.IdRepoAttributeValidatorImpl.validateAttributes(IdRepoAttributeValidatorImpl.java:114) at com.sun.identity.idm.server.IdServicesImpl.setAttributes(IdServicesImpl.java:1688) at com.sun.identity.idm.server.IdCachedServicesImpl.setAttributes(IdCachedServicesImpl.java:525) at com.sun.identity.idm.AMIdentity.store(AMIdentity.java:535) at com.sun.identity.idsvcs.opensso.IdentityServicesImpl.update(IdentityServicesImpl.java:1157) at org.forgerock.openam.forgerockrest.IdentityResourceV2.updateInstance(IdentityResourceV2.java:948) at org.forgerock.openam.forgerockrest.IdentityResourceV2.anonymousUpdate(IdentityResourceV2.java:893) at org.forgerock.openam.forgerockrest.IdentityResourceV2.actionCollection(IdentityResourceV2.java:651) at org.forgerock.json.resource.Resources$CollectionHandler.handleAction(Resources.java:226) at org.forgerock.json.resource.Router.handleAction(Router.java:208) at org.forgerock.json.resource.VersionRouter$VersionRouterImpl.handleAction(VersionRouter.java:463) at org.forgerock.json.resource.Router.handleAction(Router.java:208) at org.forgerock.json.resource.VersionRouter.handleAction(VersionRouter.java:300) at org.forgerock.openam.rest.resource.CrestRouter.handleAction(CrestRouter.java:76) [...] frRest:02/23/2015 12:37:20:024 PM EST: Thread[http-/192.168.58.10:8080-1,5,main] ERROR: IdentityResource.updateInstance() :: Cannot UPDATE! com.sun.identity.idsvcs.GeneralFailure: Minimum password length is 8.Recent Changes
Implemented the user self-service functionality to reset forgotten passwords.
Causes
The minimum password length is a data store setting that applies to password changes and is independent of any password length restrictions in DS. When a new password with less than 8 characters (default minimum password length) is specified, the forgotten password reset or password change fails.
Solution
This issue can be resolved by ensuring all users comply with the minimum password length or by adjusting the minimum password length required.
See How do I change the data store minimum password length in AM (All versions) using Amster or ssoadm? for further information.
See Also
How do I change the data store minimum password length in AM (All versions) using Amster or ssoadm?
Related Training
N/A
Related Issue Tracker IDs
N/A