Version Affected: All
Description:
When using Inline Password Reset, it may be possible to enter a password that does not meet the password complexity ruleset laid out on the 'Password Rules and Policy Settings' page.
Cause:
Inline Password Reset does not work in the same way as a Password Reset Realm. Because it uses the same configuration page as Password Reset Realms, the way it is presented in the Admin Console can be confusing.
Inline Password Reset does not honor the Identity Platform complexity rules, whereas a Password Reset Realm does.
The best way to describe the current Inline Password Reset offering is as a UI on top of the Windows password reset process that also displays to end users the Identity Platform complexity rules set out on the Inline Password Reset configuration page.
This means the Inline Password Reset page simply sends the new password to the Datastore (Active Directory, for example). If the Datastore accepts the password, the process succeeds. If the Datastore rejects the password because it does not meet the complexity requirements configured on the Datastore, an error is returned and the password reset fails, even if the password does meet the complexity rules shown on the Identity Platform Inline Password Reset page. The process does not take the complexity rules configured within Identity Platform into account.
As an example, see the below
See the following for the Inline Password Reset configuration options (written for 9.3, but still valid): https://docs.secureauth.com/0903/en/inline-password-change-configuration-guide.html
Resolution:
An Enhancement Request is currently in place to improve this in a later version of Identity Platform.
Unfortunately, there is currently no resolution for the scenario above, but the end-user experience can be improved by setting the complexity rules in Identity Platform (in the Inline Password Reset configuration) to match those set on the Datastore.
Doing this ensures end users are aware of the complexity rules for a new password, giving the password reset process the highest chance of success.
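The mismatch described under Cause, and the alignment check suggested in the Resolution, as an added illustration that is not SecureAuth code: both rule sets, the account name and the sample passwords are constructed, and the Datastore policy is a simplified model of Active Directory-style complexity rules rather than any real tenant's settings.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Ruleset:
    min_length: int
    min_categories: int    # how many of upper/lower/digit/symbol must appear
    reject_username: bool  # directory-style rule: password must not contain the account name

CATEGORIES = {
    "upper": re.compile(r"[A-Z]"),
    "lower": re.compile(r"[a-z]"),
    "digit": re.compile(r"[0-9]"),
    "symbol": re.compile(r"[^A-Za-z0-9]"),
}

def violations(password, username, rules):
    """Return the names of the rules in `rules` that the password breaks."""
    failed = []
    if len(password) < rules.min_length:
        failed.append(f"length<{rules.min_length}")
    present = sum(1 for rx in CATEGORIES.values() if rx.search(password))
    if present < rules.min_categories:
        failed.append(f"categories<{rules.min_categories}")
    if rules.reject_username and len(username) > 2 and username.lower() in password.lower():
        failed.append("contains-username")
    return failed

# Constructed settings: the page shows a looser rule set than the Datastore enforces.
DISPLAYED_RULES = Ruleset(min_length=8, min_categories=2, reject_username=False)
DATASTORE_RULES = Ruleset(min_length=12, min_categories=3, reject_username=True)

def outcome(password, username, displayed=DISPLAYED_RULES, datastore=DATASTORE_RULES):
    """What the user experiences: the displayed check vs. the reset that actually counts."""
    shown_ok = not violations(password, username, displayed)
    stored_ok = not violations(password, username, datastore)
    if shown_ok and not stored_ok:
        return "confusing-failure"  # page looks satisfied, Datastore rejects the reset
    return "success" if stored_ok else "expected-failure"

def ruleset_gaps(displayed, datastore):
    """Report where the displayed rules are looser than the Datastore's so they can be aligned."""
    gaps = {}
    for field in ("min_length", "min_categories"):
        if getattr(displayed, field) < getattr(datastore, field):
            gaps[field] = (getattr(displayed, field), getattr(datastore, field))
    if datastore.reject_username and not displayed.reject_username:
        gaps["reject_username"] = (False, True)
    return gaps
```

An empty result from ruleset_gaps means the rules shown on the Inline Password Reset page are at least as strict as the Datastore's, so a password that passes the displayed check will not be rejected for complexity.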
SecureAuth Knowledge Base Articles provide information based on specific use cases and may not apply to all appliances or configurations. Be advised that these instructions could cause harm to the environment if not followed correctly or if they do not apply to the current use case.
Customers are responsible for their own due diligence prior to utilizing this information and agree that SecureAuth is not liable for any issues caused by misconfiguration directly or indirectly related to SecureAuth products.