How do I change the data store minimum password length in AM (All versions)?
The purpose of this article is to provide information on changing the data store minimum password length in AM. The minimum password length defaults to 8; this is a data store setting that applies to password changes (when existing users reset their password or change their password) and is independent of any password length restrictions in DS. This also includes forgotten password resets made via the REST API user self-service functionality (XUI).
Overview
You can change the data store minimum password length using Amster or ssoadm.
This setting cannot be changed in the console.
Using Amster
You can change the data store minimum password length using Amster; you can do this globally or in a specific realm, where realm level takes precedence over the global level.
Follow the steps in How do I update property values in AM (All versions) using Amster? with these values:
- Entity: IdRepository
- Property: minimumPasswordLength
Note
You must restart the web application container in which AM runs to apply these configuration changes.
Using ssoadm
You can change the data store minimum password length using ssoadm; you can do this globally or in a specific realm, where realm level takes precedence over the global level:
ssoadm - Global
- Run the following command to create a data file (called DATA_FILE to match the next command), which is populated with the current sunIdRepoAttributeValidator property values to ensure you don't lose any existing changes:
  $ ./ssoadm get-attr-defs -s sunIdentityRepositoryService -t Organization -u [adminID] -f [passwordfile] | grep sunIdRepoAttributeValidator > DATA_FILE
  replacing [adminID] and [passwordfile] with appropriate values.
- Update the data file you just created by amending the sunIdRepoAttributeValidator=minimumPasswordLength property value. For example, if you want to increase the minimum password length to 10, you would change it to:
  sunIdRepoAttributeValidator=minimumPasswordLength=10
- Run the following command to update the sunIdRepoAttributeValidator property values:
  $ ./ssoadm set-attr-defs -s sunIdentityRepositoryService -t Organization -u [adminID] -f [passwordfile] -D DATA_FILE
  replacing [adminID] and [passwordfile] with appropriate values.
- Restart the web application container in which AM runs to apply these configuration changes.
ssoadm - Realm
- Run the following command to create a data file (called DATA_FILE to match the next command), which is populated with the current sunIdRepoAttributeValidator property values to ensure you don't lose any existing changes:
  $ ./ssoadm get-realm-svc-attrs -s sunIdentityRepositoryService -e [realmname] -u [adminID] -f [passwordfile] | grep sunIdRepoAttributeValidator > DATA_FILE
  replacing [realmname], [adminID] and [passwordfile] with appropriate values.
- Update the data file you just created by amending the sunIdRepoAttributeValidator=minimumPasswordLength property value. For example, if you want to increase the minimum password length to 10, you would change it to:
  sunIdRepoAttributeValidator=minimumPasswordLength=10
- Run the following command to update the sunIdRepoAttributeValidator property values:
  $ ./ssoadm set-realm-svc-attrs -s sunIdentityRepositoryService -e [realmname] -u [adminID] -f [passwordfile] -D DATA_FILE
  replacing [realmname], [adminID] and [passwordfile] with appropriate values.
Note
When changing the data store minimum password length in AM 5 or AM 5.1, you may encounter an "Exception in thread "SystemTimer" java.lang.Error: java.lang.ExceptionInInitializerError" response. This error can be safely ignored since the operation performed by ssoadm still completes successfully. See java.lang.ExceptionInInitializerError when using ssoadm commands in AM 5, 5.1 and OpenAM 13, 13.5, 13.5.1 for further information.
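The second step of both ssoadm procedures is a manual edit of DATA_FILE. The helper below is an added example (not part of the original article or of AM's tooling) that makes the edit repeatable and refuses to write anything unless the exported file contains exactly one minimumPasswordLength line, so the other sunIdRepoAttributeValidator values are preserved. The function name and the validator class value in the sample data are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: update minimumPasswordLength in the ssoadm data file
# without touching any other sunIdRepoAttributeValidator value.

# set_min_password_length FILE LENGTH  (hypothetical helper name)
set_min_password_length() {
    local file="$1" length="$2"
    local key='sunIdRepoAttributeValidator=minimumPasswordLength='
    local count tmp rc

    # Accept only a positive decimal integer without leading zeros.
    case "$length" in
        ''|*[!0-9]*|0*) echo "invalid length: $length" >&2; return 2 ;;
    esac
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }

    # The export step should yield exactly one such line; anything else
    # means the ssoadm export failed or the file was edited by hand.
    count=$(grep -c "^${key}[0-9][0-9]*\$" "$file" || true)
    if [ "$count" -ne 1 ]; then
        echo "expected 1 minimumPasswordLength line in $file, found $count" >&2
        return 1
    fi

    # Rewrite via a temporary file, then copy back so the data file
    # keeps its original permissions.
    tmp=$(mktemp) || return 2
    sed "s/^${key}[0-9][0-9]*\$/${key}${length}/" "$file" > "$tmp" && cat "$tmp" > "$file"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Constructed sample of a DATA_FILE (the class value is illustrative only).
demo() {
    local f
    f=$(mktemp)
    printf '%s\n' \
        'sunIdRepoAttributeValidator=class=example.ConstructedValidatorImpl' \
        'sunIdRepoAttributeValidator=minimumPasswordLength=8' > "$f"
    set_min_password_length "$f" 10 && cat "$f"
    rm -f "$f"
}

demo
```

Run the helper between the get and set commands, and pass the resulting file to -D only if it exits with status 0.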