After Upgrade: Password Reset Realm, Complexity Exception

SecureAuth IdP Version affected: 8.0.0 +

Description: When resetting the password of an Active Directory user account through a SecureAuth password reset realm whose Password Reset Mode is Enforce Password Change Requirements, the exception "Password complexity has not been met" is returned no matter how complex the entered password is.




To verify the issue further, set Validate Password Complexity to False or change the Password Reset Mode to Administrative Password Reset. Changing either of these two settings in the realm should result in a successful password change on the next attempt.

Settings location:
Admin Console -> Admin Realm -> SecureAuth# -> Post Authentication (tab) -> Password Reset (section) -> Configure password reset page (link)


Cause: The realm has an LDAP Connection String that references an AD server's IP address instead of its Fully Qualified Domain Name.




This type of Connection String configuration is acceptable for Password Reset realms on pre-8.x.x SecureAuth versions. Because of this, this issue is often encountered after upgrading a server from a legacy SecureAuth version.


Resolution: Change the connection string to the Active Directory's Fully Qualified Domain Name.

Settings location:
Admin Console -> Admin Realm -> SecureAuth# -> Data (tab) -> Membership Connection Settings (section) -> Connection String




- Press the Test Connection button at the bottom of the Membership Connection Settings section. If it returns Connection Successful, the password reset realm should now be fully functional with the password reset mode: Enforce Password Change Requirements.
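To find realms that still carry the legacy configuration described under Cause, the following added example (not SecureAuth code) classifies the host part of each connection string and lists those that point at an IP literal. It assumes the connection strings have already been copied out of each realm and follow the `LDAP://host[:port]/DN` layout; the realm names, hosts and DNs are constructed sample values.

```python
import ipaddress
import re

# Assumed path layout: LDAP://host[:port]/distinguished-name
_PATH = re.compile(r"^(?:LDAP|GC)://(?P<rest>.*)$", re.IGNORECASE)

def classify_host(conn_str):
    """Return (kind, host); kind is 'ip', 'fqdn', 'short', 'serverless' or 'invalid'."""
    m = _PATH.match(conn_str.strip())
    if not m:
        return ("invalid", None)
    authority = m.group("rest").split("/", 1)[0]
    # Serverless bind: no host, the path starts directly with a DN (contains '=').
    if not authority or "=" in authority:
        return ("serverless", None)
    if authority.startswith("["):        # bracketed IPv6 literal, optional :port
        host = authority[1:].split("]", 1)[0]
    elif authority.count(":") == 1:      # host:port
        host = authority.split(":", 1)[0]
    else:
        host = authority
    try:
        ipaddress.ip_address(host)
        return ("ip", host)
    except ValueError:
        pass
    return ("fqdn" if "." in host.strip(".") else "short", host)

def realms_to_fix(realms):
    """Names of realms whose connection string targets an IP literal."""
    return [name for name, cs in realms.items() if classify_host(cs)[0] == "ip"]

# Constructed sample data: realm names, hosts and DNs are illustrative only.
SAMPLE_REALMS = {
    "SecureAuth2": "LDAP://10.20.30.40/DC=corp,DC=example,DC=com",
    "SecureAuth3": "LDAP://dc01.corp.example.com/DC=corp,DC=example,DC=com",
    "SecureAuth4": "LDAP://[fd00::10]:636/DC=corp,DC=example,DC=com",
    "SecureAuth5": "LDAP://corp.example.com:389/DC=corp,DC=example,DC=com",
    "SecureAuth6": "LDAP://DC=corp,DC=example,DC=com",
}

if __name__ == "__main__":
    for name in realms_to_fix(SAMPLE_REALMS):
        print(f"{name}: {SAMPLE_REALMS[name]} -> replace IP with the AD FQDN")
```

Realms reported as `short` or `serverless` are not the case this article describes, but they are worth reviewing alongside the IP-based ones before relying on Test Connection.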
