How To
ForgeRock Identity Platform
Does not apply to Identity Cloud

How do I change the data store minimum password length in AM (All versions) using Amster or ssoadm?

Last updated Jan 18, 2023

The purpose of this article is to provide information on changing the data store minimum password length in AM using Amster or ssoadm. The minimum password length defaults to 8; this is a data store setting that applies to password changes (when existing users reset their password or change their password) and is independent of any password length restrictions in DS. This also includes forgotten password resets made via the REST API user self-service functionality.


2 readers recommend this article

Overview

You can change the data store minimum password length using Amster or ssoadm:

This setting cannot be changed in the AM admin UI.

Using Amster

You can change the data store minimum password length using Amster; you can do this globally or in a specific realm, where realm level takes precedence over the global level.

Follow the steps in How do I update property values in AM (All versions) using Amster? with these values:

  • Entity: IdRepository
  • Property: minimumPasswordLength
Note

You must restart the web application container in which AM runs to apply these configuration changes.

Using ssoadm

You can change the data store minimum password length using ssoadm; you can do this globally or in a specific realm, where realm level takes precedence over the global level:

ssoadm - Global

  1. Run the following command to create a data file (called DATA_FILE to match the next command), which is populated with the current sunIdRepoAttributeValidator property values to ensure you don't lose any existing changes: $ ./ssoadm get-attr-defs -s sunIdentityRepositoryService -t Organization -u [adminID] -f [passwordfile] | grep sunIdRepoAttributeValidator > DATA_FILEreplacing [adminID] and [passwordfile] with appropriate values.
  2. Update the data file you just created by amending the sunIdRepoAttributeValidator=minimumPasswordLength property value. For example, if you want to increase the minimum password length to 10, you would change it to: sunIdRepoAttributeValidator=minimumPasswordLength=10
  3. Run the following command to update the sunIdRepoAttributeValidator property values: $ ./ssoadm set-attr-defs -s sunIdentityRepositoryService -t Organization -u [adminID] -f [passwordfile] -D DATA_FILEreplacing [adminID] and [passwordfile] with appropriate values.
  4. Restart the web application container in which AM runs to apply these configuration changes.

ssoadm - Realm

  1. Run the following command to create a data file (called DATA_FILE to match the next command), which is populated with the current sunIdRepoAttributeValidator property values to ensure you don't lose any existing changes: $ ./ssoadm get-realm-svc-attrs -s sunIdentityRepositoryService -e [realmname] -u [adminID] -f [passwordfile] | grep sunIdRepoAttributeValidator > DATA_FILEreplacing [realmname], [adminID] and [passwordfile] with appropriate values.
  2. Update the data file you just created by amending the sunIdRepoAttributeValidator=minimumPasswordLength property value. For example, if you want to increase the minimum password length to 10, you would change it to: sunIdRepoAttributeValidator=minimumPasswordLength=10
  3. Run the following command to update the sunIdRepoAttributeValidator property values: $ ./ssoadm set-realm-svc-attrs -s sunIdentityRepositoryService -e [realmname] -u [adminID] -f [passwordfile] -D DATA_FILEreplacing [realmname], [adminID] and [passwordfile] with appropriate values.

See Also

Forgotten password reset or password change fails with Minimum password length is 8 error in AM (All versions)

How do I change what characters are permitted in user names in AM (All versions) for authentication purposes?

Change passwords

Related Training

N/A

Related Issue Tracker IDs

N/A


Copyright and Trademarks Copyright © 2023 ForgeRock, all rights reserved.