Symantec Access Management

Expand all | Collapse all

Allow specific special characters in password

  • 1.  Allow specific special characters in password

    Posted 01-17-2017 07:48 PM

    Creating this one behalf of : Haeder Shin

     

     

    Hello Mr.Shrestha,

     

    I saw your previous answers via this community, so that I could catch a point to configure & modify the policy of password by using following methods that you guided.

     

    But, I'm wondering how to allow to include a specific character such as $/^ and others(they're defined as regex) within words of password, while we're using the policy of password with its regular expression when created.

     

    e.g.)  Currently $ this character has been defined in the policy server to be restricted to make a new password as a regex, also it needs to be made inner side of passwords as a character.

     

    Is it possible to generate the password in this situation without deployment of patch version customized by CA Technology?(Please, help)

     

     

    * Guided by you

    C:\CA\siteminder\resources\APS.Lang (or APS.properties)

    NoMatch=SHRAWAN_NO_TRAILING_DIGIT *[0-9]
    SHRAWAN_NO_TRAILING_DIGIT = No trailing digit allowed.

    Happy working hours

     

    Thanks&Regards,

    Haeder



  • 2.  Re: Allow specific special characters in password

    Posted 01-17-2017 07:49 PM


  • 3.  Re: Allow specific special characters in password

    Posted 01-17-2017 07:53 PM

    Hi Haeder Shin,

     

    • Can you first confirm if you are using BPS (Basic Password Policy) or APS (Advanced Password Services)?
    • So you want to allow usage of $ and ^ character to be used in password ?

    Regards,

    Ujwol



  • 4.  Re: Allow specific special characters in password

    Posted 01-18-2017 01:26 AM

    Hi Shrestha,

     

    Thank you for your accurate & kind response at first. (I just answered along your tiny questionnaire accompanying)

     

    • Can you first confirm if you are using BPS (Basic Password Policy) or APS (Advanced Password Services)?

           : When I checked it with partners, they are not sure what types are applied in Production, thus, if you possible, could you answer both of them about BPS and APS in each case. (sorry about my request that could be burdened for you)

     

    • So you want to allow usage of $ and ^ character to be used in password ?

     

           : Yes, your assumption is correct absolutely

     

    Please, advice and inform me kindly

     

    Happy working hours

     

    Thanks&Regards,

    Haeder



  • 5.  Re: Allow specific special characters in password

    Posted 01-18-2017 05:49 PM

    Hi Haeder,

     

    • If you are configuring your password policy from Administrative UI , then you are using Basic Password Policy (BPS)
    • If you are configuring your password policy from APS.cfg file located in the <Policy_Server_Install>/bin directory then you are using APS.

     

    Now , my guess is that you are most likely using BPS as that is the default and has much simpler configuration steps.

     

    You said, " Currently $ this character has been defined in the policy server to be restricted to make a new password as a regex, also it needs to be made inner side of passwords as a character."

     

    Can you share the screenshot of the configuration where you have defined this ?

     

    If your password policy is allowed to use Non-Alphanumeric Characters then both $ and ^ should have been allowed to be used in the password unless you have a regular expression or other custom settings to restrict it.

     

    Punctuation: "!'(),.:;?@#%&*-_{}[]/\
    Non-Alphanumeric: "!'(),.:;?@#%&*-_{}[]/\`~$^=+<>|

     

     

    Also note that , Password policy always makes the more restrictive setting effective.

    For e.g let say in the composition tab you have allowed "Non-Alphanumberic" but in the Regular Expressions tab you have configured the $ and ^ character to NOT MATCH, then effectively your password policy will NOT allow the use of $ and ^ characters in the password.

     

    So, if you can , can you share screesshot of each of the tab from your password policy then we can check what is the best way going forward.

     

    Cheers,

    Ujwol Shrestha

    Ujwol's Single Sign-On Blog 



  • 6.  Re: Allow specific special characters in password

    Posted 01-20-2017 03:52 AM

    Hi Shrestha,

     

    I attached screenshot of configuration that we've defined, in which its Non-alphanumeric option of composition tab has been activated to allow when the password is created, and there is no result in regular expression tab which is defined to apply. But APS(Advanced Password Services) is not included in the request of taking capture at this time.

     

    If you want to ensure more information, please, let me know them.(It might be occurred by a wrong part of TEWS in my assumption, which could be made by human error.)

     

    * Screen shot(It's translated from Korean to English by limitation)

    --------------------------------------------------------------------------------------------------------

    Screenshot of Composition and Regular Expression

    --------------------------------------------------------------------------------------------------------

     

    Happy Friday:)

     

    Thanks&Regards,

    Haeder



  • 7.  Re: Allow specific special characters in password

    Posted 01-22-2017 07:27 PM
      |   view attached

    Hi Haedar,

     

    As the Non-alphanumeric is allowed (checked), if this password policy is being applied on your user/userstore, then it should have allowed the $ and ^ character in the password.

     

    Now this will need enabling tracing on the policy server and reviewing the logs.

    If you are comfortable doing that here, you can use the attached trace profiler and provide us the policy server trace log (smtracedefault.log) otherwise I would recommend opening a support case to troubleshoot this further.

     

    Regards,

    Ujwol

    Attachment(s)

    zip
    smtracedefault.txt.zip   515 B 1 version


  • 8.  Re: Allow specific special characters in password

    Posted 02-07-2017 08:47 AM

    Hi Ujwol,

     

    Firstly, I'm very sorry that I didn't response to you on time, I'm too late to interact with you, sorry about it.

    Thanks to your considerations, our problem has been fixed by help of CA technologies fortunately.

    Frankly, CA technologies' case(00*0****) had been opened to solve this problem simultaneously among this community and case of CA.

    Successfully, it was deployed into production now according to CA patch guide.

    I really appreciate that you guided me kindly day by day:)

     

    Thank you for helping me!

    Happy New Year(even if it's late to)&Nice working hours

     

    Thanks&Regards,

    Haeder