Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry.
Saviynt Copilot Icon

How do I modify the password policy used by SavPwFilter

DuncanClay
New Contributor
New Contributor

We use the SavPwFilter to synchronise AD with OpenLDAP.  It is working, except users must include a special character in their password.  AD does not require passwords to contain a special character.  The SavPwFilter.json has filter:enabled:false.

I suspect the SaviyntDefaultRule password policy is enforcing this, as it does require a special character.  I have tried to modify the SaviyntDefaultRule but it appears to be read only. I have created an application password policy that does not require a special character and applied it to the associated Security Systems, but this did not solve the problem.

In the SavPwFilter.log this is a password change with a special character:

2022-09-21T12:17:37ℹ️820: curlInterface-PostURL:: http response status code is 200 []
2022-09-21T12:17:37ℹ️820: curlInterface-ChangePassword::PostURL return result [0]
2022-09-21T12:17:37ℹ️820: curlInterface-ChangePassword:: Response Data: {"Status":"Success","TaskIDs":[888768],"errorCode":"0","message":"Password updated successfully"}

and this is the password change without a special character:

2022-09-21T12:18:53ℹ️820: curlInterface-PostURL:: http response status code is 412 []
2022-09-21T12:18:53ℹ️820: curlInterface-ChangePassword::PostURL return result [57756]
2022-09-21T12:18:53ℹ️820: curlInterface-ChangePassword:: Response status code: 412, Error Response:{"errorCode":"1","message":"password does not meet specified criteria"}

2 REPLIES 2

DuncanClay
New Contributor
New Contributor

Solved.

There is an undocumented name value pair in SavPwFilter.json (search saviynt.freshdesk.com for "Configuring Password Synchronization from Active Directory").  You need to change it to set it as follows:

"validateagainstpolicy": "N"

Thanks @DuncanClay, We will send this feedback to the documentation team.

 

 

Regards,
Avinash Chhetri