Solutions
ForgeRock Identity Platform
Does not apply to Identity Cloud

Minimum password length is 8 error in AM (All versions) when updating identities using the REST API

Last updated May 10, 2022

The purpose of this article is to provide assistance if you encounter a "Minimum password length is 8" error when updating identities using the REST API in AM, even though the user's password meets this requirement. This issue also occurs when unlocking a user's account.


2 readers recommend this article

Symptoms

The following error is shown when updating identities using the REST API even though the user's password is at least 8 characters:

{"code":404,"reason":"Not Found","message":"Minimum password length is 8."}

For example, if you use a REST call such as:

  • To unlock a user's account: $ curl -X PUT -H "iPlanetDirectoryPro: AQIC5wM2LY4Sfcxs...EwNDU2NjE0*" -H "Content-type: application/json" -H "Accept-API-Version: resource=3.0" -d'{ "inetUserStatus": "Active" }' http://host1.example.com:8080/openam/json/realms/root/users/demo
  • To update a user's email address: $ curl -X PUT -H "iPlanetDirectoryPro: AQIC5wM2LY4Sfcxs...EwNDU2NjE0*" -H "Content-type: application/json" -H "Accept-API-Version: resource=3.0" -d'{ "mail": "demo@example.com" }' http://host1.example.com:8080/openam/json/realms/root/realms/employees/users/demo

Recent Changes

Installed, or upgraded to AM 5 or later.

Causes

The Default Protocol Version setting for a new install defaults to LATEST, but this setting does not work as expected per known issue: OPENAM-11052 (Minimum password length is 8 error in AM 5.0 when updating identities using the REST API).

See REST API Versioning for further information on REST versioning.

Solution

The following are suggested workarounds to resolve this issue; either include the Accept-API-Version header in your REST call or set the Default Protocol Version to Oldest.

Include Accept-API-Version header

You can include the Accept-API-Version header in your REST call, ensuring you specify the protocol version. For example:

$ curl -X PUT -H "iPlanetDirectoryPro: AQIC5wM2LY4Sfcxs...EwNDU2NjE0*" -H "Content-type: application/json" -H "Accept-API-Version: resource=3.0,protocol=1.0" -d'{ "inetUserStatus": "Active" }' http://host1.example.com:8080/openam/json/realms/root/users/demo

Set Default Protocol Version

You can set the Default Protocol Version using either the console or ssoadm:

  • Console: navigate to: Configure > Global Services > REST APIs > Default Protocol Version and select OLDEST.
  • ssoadm: enter the following command: $ ./ssoadm set-attr-defs -s RestApisService -t Global -u [adminID] -f [passwordfile] -a openam-rest-apis-default-protocol=Oldest replacing [adminID] and [passwordfile] with appropriate values.

See Also

FAQ: REST API in AM

Using the REST API in AM

Related Training

N/A

Related Issue Tracker IDs

OPENAM-11052 (Minimum password length is 8 error in AM 5.0 when updating identities using the REST API)


Copyright and Trademarks Copyright © 2022 ForgeRock, all rights reserved.