How To
ForgeRock Identity Platform
Does not apply to Identity Cloud

How do I change the data store minimum password length in AM (All versions)?

Last updated Apr 13, 2021

This article explains how to change the data store minimum password length in AM. The minimum password length defaults to 8. It is a data store setting that applies to password changes (when existing users reset or change their password) and is independent of any password length restrictions in DS. It also applies to forgotten password resets made via the REST API user self-service functionality (XUI).



Overview

You can change the data store minimum password length using Amster or ssoadm.

This setting cannot be changed in the console.

Using Amster

You can change the data store minimum password length using Amster; you can do this globally or in a specific realm, where realm level takes precedence over the global level.

Follow the steps in How do I update property values in AM (All versions) using Amster? with these values:

  • Entity: IdRepository
  • Property: minimumPasswordLength
Note

You must restart the web application container in which AM runs to apply these configuration changes.

Using ssoadm

You can change the data store minimum password length using ssoadm; you can do this globally or in a specific realm, where realm level takes precedence over the global level:

ssoadm - Global

  1. Run the following command to create a data file (called DATA_FILE to match the next command), which is populated with the current sunIdRepoAttributeValidator property values to ensure you don't lose any existing changes:
     $ ./ssoadm get-attr-defs -s sunIdentityRepositoryService -t Organization -u [adminID] -f [passwordfile] | grep sunIdRepoAttributeValidator > DATA_FILE
     replacing [adminID] and [passwordfile] with appropriate values.
  2. Update the data file you just created by amending the sunIdRepoAttributeValidator=minimumPasswordLength property value. For example, if you want to increase the minimum password length to 10, you would change it to:
     sunIdRepoAttributeValidator=minimumPasswordLength=10
  3. Run the following command to update the sunIdRepoAttributeValidator property values:
     $ ./ssoadm set-attr-defs -s sunIdentityRepositoryService -t Organization -u [adminID] -f [passwordfile] -D DATA_FILE
     replacing [adminID] and [passwordfile] with appropriate values.
  4. Restart the web application container in which AM runs to apply these configuration changes.

ssoadm - Realm

  1. Run the following command to create a data file (called DATA_FILE to match the next command), which is populated with the current sunIdRepoAttributeValidator property values to ensure you don't lose any existing changes:
     $ ./ssoadm get-realm-svc-attrs -s sunIdentityRepositoryService -e [realmname] -u [adminID] -f [passwordfile] | grep sunIdRepoAttributeValidator > DATA_FILE
     replacing [realmname], [adminID] and [passwordfile] with appropriate values.
  2. Update the data file you just created by amending the sunIdRepoAttributeValidator=minimumPasswordLength property value. For example, if you want to increase the minimum password length to 10, you would change it to:
     sunIdRepoAttributeValidator=minimumPasswordLength=10
  3. Run the following command to update the sunIdRepoAttributeValidator property values:
     $ ./ssoadm set-realm-svc-attrs -s sunIdentityRepositoryService -e [realmname] -u [adminID] -f [passwordfile] -D DATA_FILE
     replacing [realmname], [adminID] and [passwordfile] with appropriate values.
Note

When changing the data store minimum password length in AM 5 or AM 5.1, you may encounter an "Exception in thread "SystemTimer" java.lang.Error: java.lang.ExceptionInInitializerError" response. This error can be safely ignored since the operation performed by ssoadm still completes successfully. See java.lang.ExceptionInInitializerError when using ssoadm commands in AM 5, 5.1 and OpenAM 13, 13.5, 13.5.1 for further information.
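Step 2 of both ssoadm procedures (global and realm) can be scripted so that only the minimumPasswordLength entry changes and every other exported sunIdRepoAttributeValidator value is preserved. The following is an added example, not ForgeRock's own code; the function name set_min_password_length and the sample class value are hypothetical, and it assumes each exported line starts with sunIdRepoAttributeValidator= with no leading whitespace.

```shell
#!/bin/sh
# Added example: step 2 of the ssoadm procedures without hand-editing.
# Rewrites the minimumPasswordLength entry in DATA_FILE and keeps every other
# sunIdRepoAttributeValidator value exactly as ssoadm exported it.
set_min_password_length() {
    data_file=$1
    new_len=$2

    # Accept only a positive integer so a typo cannot reach the AM config.
    case $new_len in
        ''|*[!0-9]*|0*) echo "invalid length: $new_len" >&2; return 2 ;;
    esac
    [ -f "$data_file" ] || { echo "no such file: $data_file" >&2; return 2; }

    key='sunIdRepoAttributeValidator=minimumPasswordLength='
    tmp=$(mktemp) || return 1

    # Drop any existing minimumPasswordLength lines (a re-run or hand edit can
    # leave duplicates), keep the rest, then append one line with the new value.
    grep -v "^${key}" "$data_file" > "$tmp" || true
    printf '%s%s\n' "$key" "$new_len" >> "$tmp"

    # Every line must still be a sunIdRepoAttributeValidator entry; anything
    # else means the export in step 1 captured stray output.
    if grep -qv '^sunIdRepoAttributeValidator=' "$tmp"; then
        echo "unexpected line in $data_file, not modifying it" >&2
        rm -f "$tmp"
        return 3
    fi
    mv "$tmp" "$data_file"
}

# Constructed sample of what step 1 might write (the class value is made up).
demo=$(mktemp)
printf '%s\n' \
    'sunIdRepoAttributeValidator=class=example.ConstructedValidator' \
    'sunIdRepoAttributeValidator=minimumPasswordLength=8' > "$demo"
set_min_password_length "$demo" 10 && cat "$demo"
rm -f "$demo"
```

Run it against DATA_FILE between steps 1 and 3, then review the file before passing it to ssoadm with -D.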

See Also

Forgotten password reset or password change fails with Minimum password length is 8 error in AM (All versions)

How do I change what characters are permitted in user names in AM (All versions) for authentication purposes?

Setup Guide › Changing Passwords
