Hi Ashok,
There may be other ways or work around to do this.
The quoted regular expression can be configured in admin ui, but I am not sure at run time if exceptions will be reached since the documentation specifically says "
no more than 10 subexpressions".
Since they are logically OR, would it be possible defining two separate regular expressions instead?
Also the configuration option can be "MUST Match" vs. "MUST NOT MATCH".
In 3rd party link, it explains other option like:
^(.{0,7}|[^0-9]*|[^A-Z]*|[^a-z]*|[a-zA-Z0-9]*)$
If anything matches that, then it's an invalid password.
You may customize it further base on specific requirement.
https://stackoverflow.com/questions/19605150/regex-for-password-must-contain-at-least-eight-characters-at-least-one-number-a
Thank You,
Hongxu Liu
Original Message:
Sent: 12-03-2019 11:42 PM
From: Ashok kumar Muthu
Subject: SSO - RegEx not working
Team,
I am facing challenges in using RegEx as part of password policy configuration to meet one the requirement:
- Must contain at least three of these four:
- Uppercase letter
- Lowercase letter
- Number
- Symbols allowed: ! # % ( ) * , ; : @ - $ =
Here is a RegEx to meet my exact requirement which I have been trying to make it work with password policy:
/^((?=.*[A-Z])(?=.*[a-z])(?=.*\d)|(?=.*[a-z])(?=.*\d)(?=.*[\$\%\&])|(?=.*[A-Z])(?=.*\d)(?=.*[\$\%\&])|(?=.*[A-Z])(?=.*[a-z])(?=.*[\$\%\&])).{8,16}$/https://rubular.com/r/tPcR0v5rgV
Also found a caveat for these kind of lengthy expressions:
https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-identity-and-access-management/single-sign-on/12-8-03/configuring/policy-server-configuration/password-services-and-policies/how-to-configure-password-policies.html?_ga=2.261765069.1157089255.1575321144-720136992.1571758684
Limit:
Each regular expression can contain no more than 10 subexpressions, including the expression itself. The number of subexpressions equals the number of left or opening parentheses in the regular expression plus one more left parenthesis for the expression itself.
Appreciate any suggestions.
Thanks
Ashok