How do I change the data store minimum password length in AM (All versions) using Amster or ssoadm?
The purpose of this article is to provide information on changing the data store minimum password length in AM using Amster or ssoadm. The minimum password length defaults to 8; this is a data store setting that applies to password changes (when existing users reset their password or change their password) and is independent of any password length restrictions in DS. This also includes forgotten password resets made via the REST API user self-service functionality.
2 readers recommend this article
Overview
You can change the data store minimum password length using Amster or ssoadm:
This setting cannot be changed in the AM admin UI.
Using Amster
You can change the data store minimum password length using Amster; you can do this globally or in a specific realm, where realm level takes precedence over the global level.
Follow the steps in How do I update property values in AM (All versions) using Amster? with these values:
- Entity: IdRepository
- Property: minimumPasswordLength
Note
You must restart the web application container in which AM runs to apply these configuration changes.
Using ssoadm
You can change the data store minimum password length using ssoadm; you can do this globally or in a specific realm, where realm level takes precedence over the global level:
ssoadm - Global
- Run the following command to create a data file (called DATA_FILE to match the next command), which is populated with the current sunIdRepoAttributeValidator property values to ensure you don't lose any existing changes: $ ./ssoadm get-attr-defs -s sunIdentityRepositoryService -t Organization -u [adminID] -f [passwordfile] | grep sunIdRepoAttributeValidator > DATA_FILEreplacing [adminID] and [passwordfile] with appropriate values.
- Update the data file you just created by amending the sunIdRepoAttributeValidator=minimumPasswordLength property value. For example, if you want to increase the minimum password length to 10, you would change it to: sunIdRepoAttributeValidator=minimumPasswordLength=10
- Run the following command to update the sunIdRepoAttributeValidator property values: $ ./ssoadm set-attr-defs -s sunIdentityRepositoryService -t Organization -u [adminID] -f [passwordfile] -D DATA_FILEreplacing [adminID] and [passwordfile] with appropriate values.
- Restart the web application container in which AM runs to apply these configuration changes.
ssoadm - Realm
- Run the following command to create a data file (called DATA_FILE to match the next command), which is populated with the current sunIdRepoAttributeValidator property values to ensure you don't lose any existing changes: $ ./ssoadm get-realm-svc-attrs -s sunIdentityRepositoryService -e [realmname] -u [adminID] -f [passwordfile] | grep sunIdRepoAttributeValidator > DATA_FILEreplacing [realmname], [adminID] and [passwordfile] with appropriate values.
- Update the data file you just created by amending the sunIdRepoAttributeValidator=minimumPasswordLength property value. For example, if you want to increase the minimum password length to 10, you would change it to: sunIdRepoAttributeValidator=minimumPasswordLength=10
- Run the following command to update the sunIdRepoAttributeValidator property values: $ ./ssoadm set-realm-svc-attrs -s sunIdentityRepositoryService -e [realmname] -u [adminID] -f [passwordfile] -D DATA_FILEreplacing [realmname], [adminID] and [passwordfile] with appropriate values.
See Also
Related Training
N/A
Related Issue Tracker IDs
N/A