Click HERE to see how Saviynt Intelligence is transforming the industry. |
08/21/2024 09:25 PM
Hi,
Can we put a regex in Password Policy Json.
Our requirement is to generate a random password during account creation. I want to understand if we can put regex or define the special characters in the JSON using which password is generated.
Thanks,
Mahak
08/21/2024 09:27 PM
08/21/2024 09:30 PM
If i associate a password policy in the security system, the application will be made available under the change password tile, which we do not want.
08/21/2024 09:34 PM - edited 08/21/2024 09:36 PM
You can hide application from change password tile by adding dummy access query under endpoints Change Password Access Query
Where userkey = 0
08/21/2024 09:37 PM
okay, but no way to directly add regex in JSON?
08/21/2024 09:41 PM
No. Directly in connection json is not supported
08/22/2024 11:35 PM
okay, i also see that after putting the regex in Password Policy, a blacklisted word mentioned in the policy is being accepted because it allowed from Regex perspective. How can we avoid this?
Regards,
Mahak
08/23/2024 07:46 AM
Can you share configuration
08/25/2024 07:33 AM
08/26/2024 05:13 AM
Yes, during change password.
08/26/2024 05:47 AM
What is the scope of passwords? When I used your JSON, it showed a regex error.
08/28/2024 12:32 AM
Sorry, what do u mean by scope?
It works for me when trying to use the suggested password feature in Change password Tile.
Thanks,
Mahak
08/28/2024 07:21 AM
Ok Scope is Account and not user.
08/25/2024 12:07 AM
Regex:
^[a-zA-Z0-9!@#$%^&*()_+{}:;"',<>.?/]{14,20}$
Configuration in Policy: Attached a Pic
Blacklisted Word in Blacklist.txt file: Welcome1234567,pa$5w0rd12345678
External Configuration in File:
blacklistdictionaryPath.statickeywords=/saviynt_shared/saviynt/Conf/blacklist/blacklist.txt
Thanks,
Mahak
08/25/2024 03:54 AM - edited 08/25/2024 03:55 AM
Hi @Mahak_Acharya to check the blacklisted keyword did you hardcode the password in json if so password policy won't come into picture.
2) if you tried to generate the blacklisted keyword via regex did it print the same value in logs which is added in blacklisted txt file?
08/26/2024 05:22 AM
1) No, i am not hardcoding the password in the json. In the change pass json, we are passing the variable "${arsTasks.getPassword()}" in order to pick the password that has been suggested in the change password tile or we put in using the Type new password functionality.
2) I feed in the password using the "type New password" option. The password does not show up in logs but blacklist attribute are being evaluated per logs. Still the password is not giving an error
Thanks,
Mahak
09/02/2024 11:55 PM
Hi,
Was able to resolve this as an interim solution by adding "pa\$5w0rd12345678" in the blacklisted attributes in Password policy. Even though we are not expected to place list of words in this attribute, seems to be working this way.
Thanks,
mahak