Symantec Access Management

Creating this one behalf of : Haeder Shin

Hello Mr.Shrestha,

I saw your previous answers via this community, so that I could catch a point to configure & modify the policy of password by using following methods that you guided.

But, I'm wondering how to allow to include a specific character such as $/^ and others(they're defined as regex) within words of password, while we're using the policy of password with its regular expression when created.

e.g.)  Currently $ this character has been defined in the policy server to be restricted to make a new password as a regex, also it needs to be made inner side of passwords as a character.

Is it possible to generate the password in this situation without deployment of patch version customized by CA Technology?(Please, help)

* Guided by you

C:\CA\siteminder\resources\APS.Lang (or APS.properties)

NoMatch=SHRAWAN_NO_TRAILING_DIGIT *[0-9]

SHRAWAN_NO_TRAILING_DIGIT = No trailing digit allowed.

Happy working hours

Thanks&Regards,

Haeder

Referral thread : Advanced Password Services- Regular Expressions 

Hi Haeder Shin,

• Can you first confirm if you are using BPS (Basic Password Policy) or APS (Advanced Password Services)?
• So you want to allow usage of $ and ^ character to be used in password ?

Regards,

Ujwol

Hi Shrestha,

Thank you for your accurate & kind response at first. (I just answered along your tiny questionnaire accompanying)

• Can you first confirm if you are using BPS (Basic Password Policy) or APS (Advanced Password Services)?

       : When I checked it with partners, they are not sure what types are applied in Production, thus, if you possible, could you answer both of them about BPS and APS in each case. (sorry about my request that could be burdened for you)

• So you want to allow usage of $ and ^ character to be used in password ?

       : Yes, your assumption is correct absolutely

Please, advice and inform me kindly

Happy working hours

Thanks&Regards,

Haeder

Hi Haeder,

• If you are configuring your password policy from Administrative UI , then you are using Basic Password Policy (BPS)
• If you are configuring your password policy from APS.cfg file located in the <Policy_Server_Install>/bin directory then you are using APS.

Now , my guess is that you are most likely using BPS as that is the default and has much simpler configuration steps.

You said, " Currently $ this character has been defined in the policy server to be restricted to make a new password as a regex, also it needs to be made inner side of passwords as a character."

Can you share the screenshot of the configuration where you have defined this ?

If your password policy is allowed to use Non-Alphanumeric Characters then both $ and ^ should have been allowed to be used in the password unless you have a regular expression or other custom settings to restrict it.

Punctuation: "!'(),.:;?@#%&*-_{}[]/\
Non-Alphanumeric: "!'(),.:;?@#%&*-_{}[]/\`~$^=+<>|

Also note that , Password policy always makes the more restrictive setting effective.

For e.g let say in the composition tab you have allowed "Non-Alphanumberic" but in the Regular Expressions tab you have configured the $ and ^ character to NOT MATCH, then effectively your password policy will NOT allow the use of $ and ^ characters in the password.

So, if you can , can you share screesshot of each of the tab from your password policy then we can check what is the best way going forward.

Cheers,

Ujwol Shrestha

Ujwol's Single Sign-On Blog 

Hi Shrestha,

I attached screenshot of configuration that we've defined, in which its Non-alphanumeric option of composition tab has been activated to allow when the password is created, and there is no result in regular expression tab which is defined to apply. But APS(Advanced Password Services) is not included in the request of taking capture at this time.

If you want to ensure more information, please, let me know them.(It might be occurred by a wrong part of TEWS in my assumption, which could be made by human error.)

* Screen shot(It's translated from Korean to English by limitation)

--------------------------------------------------------------------------------------------------------

--------------------------------------------------------------------------------------------------------

Happy Friday:)

Thanks&Regards,

Haeder

Hi Haedar,

As the Non-alphanumeric is allowed (checked), if this password policy is being applied on your user/userstore, then it should have allowed the $ and ^ character in the password.

Now this will need enabling tracing on the policy server and reviewing the logs.

If you are comfortable doing that here, you can use the attached trace profiler and provide us the policy server trace log (smtracedefault.log) otherwise I would recommend opening a support case to troubleshoot this further.

Regards,

Ujwol

Hi Ujwol,

Firstly, I'm very sorry that I didn't response to you on time, I'm too late to interact with you, sorry about it.

Thanks to your considerations, our problem has been fixed by help of CA technologies fortunately.

Frankly, CA technologies' case(00*0****) had been opened to solve this problem simultaneously among this community and case of CA.

Successfully, it was deployed into production now according to CA patch guide.

I really appreciate that you guided me kindly day by day:)

Thank you for helping me!

Happy New Year(even if it's late to)&Nice working hours

Thanks&Regards,

Haeder