Solutions

Minimum password length is 8 error in AM (All versions) when updating identities using the REST API

Last updated Jul 9, 2018

The purpose of this article is to provide assistance if you encounter a "Minimum password length is 8" error when updating identities using the REST API in AM, even though the user's password meets this requirement. This issue also occurs when unlocking a user's account.


2 readers recommend this article

Symptoms

The following error is shown when updating identities using the REST API even though the user's password is at least 8 characters:

{"code":404,"reason":"Not Found","message":"Minimum password length is 8."}

For example, if you use a REST call such as:

  • To unlock a user's account:
    $ curl -X PUT -H "iPlanetDirectoryPro: AQIC5wM2LY4Sfcxs...EwNDU2NjE0*" -H "Content-type: application/json" -H "Accept-API-Version: resource=3.0, protocol=1.0" -d'{
        "inetUserStatus": "Active"
    }' http://host1.example.com:8080/openam/json/realms/root/users/demo
  • To update a user's email address:
    $ curl -X PUT -H "iPlanetDirectoryPro: AQIC5wM2LY4Sfcxs...EwNDU2NjE0*" -H "Content-type: application/json" -H "Accept-API-Version: resource=3.0, protocol=1.0" -d'{
        "mail": "demo@example.com" 
    }' http://host1.example.com:8080/openam/json/realms/root/realms/employees/users/demo

Recent Changes

Installed, or upgraded to AM 5 or later.

Causes

The Default Protocol Version setting for a new install defaults to LATEST, but this setting does not work as expected per known issue: OPENAM-11052 (Minimum password length is 8 error in AM 5.0 when updating identities using the REST API).

See Development Guide › REST API Versioning for further information on REST versioning.   

Solution

The following are suggested workarounds to resolve this issue; either include the Accept-API-Version header in your REST call or set the Default Protocol Version to Oldest.

Include Accept-API-Version header

You can include the Accept-API-Version header in your REST call, for example:

$ curl -X PUT -H "iPlanetDirectoryPro: AQIC5wM2LY4Sfcxs...EwNDU2NjE0*" -H "Content-type: application/json" -H "Accept-API-Version: resource=3.0, protocol=1.0" -d'{
    "inetUserStatus": "Active"
}' http://host1.example.com:8080/openam/json/realms/root/users/demo

Set Default Protocol Version

You can set the Default Protocol Version using either the console or ssoadm:

  • Console: navigate to: Configure > Global Services > REST APIs > Default Protocol Version and select OLDEST. 
  • ssoadm: enter the following command:
    $ ./ssoadm set-attr-defs -s RestApisService -t Global -u [adminID] -f [passwordfile] -a openam-rest-apis-default-protocol=Oldest
    replacing [adminID] and [passwordfile] with appropriate values.

See Also

FAQ: REST API in AM/OpenAM

Using the REST API in AM/OpenAM

Related Training

N/A

Related Issue Tracker IDs

OPENAM-11052 (Minimum password length is 8 error in AM 5.0 when updating identities using the REST API)



Copyright and TrademarksCopyright © 2018 ForgeRock, all rights reserved.
Loading...