IDM Password policy & Siteminder Password services regex limitation.

Document ID:  TEC1029228
Last Modified Date:  08/11/2017

Products

  • CA Single Sign-On

Releases

  • CA Single Sign-On:Release:12.51 CA SiteMinder
  • CA Single Sign-On:Release:12.52
  • CA Single Sign-On:Release:12.52 CA SiteMinder
  • CA Single Sign-On:Release:12.52 SP1
  • CA Single Sign-On:Release:12.52 SP2
  • CA Single Sign-On:Release:12.6

Components

  • SITEMINDER ADVANCED PASSWORD SERVICES:SMAPS
  • SITEMINDER -POLICY SERVER:SMPLC
Introduction:

This document covers the limitations on regular expressions in Siteminder Password Services and IDM password services.

Question:

Our IDM password policy that is enforced for all users in Production has a regular expression that matches the network Active Directory password policy, which forces the user to use 3 out of 4 (at least 1 lowercase, at least 1 uppercase, at least 1 digit and at least 1 special character).

 

Environment:

  • Siteminder 12.0 SP3 on Solaris 10
  • IDM 12.6 SP2 on Solaris 10
  • Oracle DBs

Answer:

This is a limitation on the structure of the policy store.

If you take a look at sm_oracle_ps.sql in PSSERVER_ROOT/db/SQL, you will find the following definition (excerpt):

    CREATE TABLE smtaggedstring5 (
        taggedstringoid VARCHAR2(64) NOT NULL,
        passwordpolicyoid VARCHAR2(64) NOT NULL,
        taggedstringname VARCHAR2(255) NOT NULL,
        taggedvalue VARCHAR2(1024) NULL,
        nomatch INTEGER DEFAULT 0 NULL,

 

The "taggedvalue" column, defined above as VARCHAR2(1024), is where the regular expressions for Password Services are stored.

Editing this value is not recommended and can lead to unforeseen issues.

Additional Information:

Siteminder also limits the characters that can be used in an expression to those listed at the link below. Anything outside of this list could cause issues when Password Services performs the expression lookup. Siteminder does not support lookahead regular expressions.

URL: https://support.ca.com/cadocs/0/CA%20SiteMinder%2012%2052%20SP1-ENU/Bookshelf_Files/HTML/idocs/2194471.html#o346030
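
A pre-deployment check for the two limits described above (no lookahead, and the 1024-wide taggedvalue column), as an added example that is not CA code. The function names and sample expressions are constructed for illustration, and the size check assumes the column uses byte length semantics with a UTF-8 character set.

```python
# Added example: check a candidate password-policy regex before it is
# entered into the policy. Names and samples here are hypothetical.
TAGGEDVALUE_MAX_BYTES = 1024  # taggedvalue VARCHAR2(1024) in the schema excerpt

def find_lookaheads(pattern):
    """Return (offset, token) for each unescaped '(?=' or '(?!' outside a [...] class."""
    hits, i, in_class = [], 0, False
    while i < len(pattern):
        c = pattern[i]
        if c == "\\":                      # escaped character: skip it and its target
            i += 2
            continue
        if in_class:
            in_class = c != "]"            # an unescaped ']' closes the class
        elif c == "[":
            in_class = True
            j = i + 1
            if pattern[j:j + 1] == "^":
                j += 1
            if pattern[j:j + 1] == "]":    # ']' placed first in a class is a literal
                i = j
        elif pattern.startswith(("(?=", "(?!"), i):
            hits.append((i, pattern[i:i + 3]))
        i += 1
    return hits

def check_policy_regex(pattern):
    """Return a list of problems; an empty list means neither limit is hit."""
    problems = [f"lookahead {tok} at offset {off}" for off, tok in find_lookaheads(pattern)]
    # Assumption: byte length semantics and a UTF-8 database character set.
    size = len(pattern.encode("utf-8"))
    if size > TAGGEDVALUE_MAX_BYTES:
        problems.append(f"{size} bytes exceeds {TAGGEDVALUE_MAX_BYTES}-byte column")
    return problems

# Constructed samples, not taken from any real policy store.
SAMPLES = {
    "three classes via lookahead": r"^(?=.*[a-z])(?=.*[A-Z])(?=.*\d).{8,}$",
    "literal '(?=' only": r"[(?=]+\(\?=",
    "oversized": "[A-Za-z0-9]" * 100,
}

if __name__ == "__main__":
    for name, rx in SAMPLES.items():
        print(name, "->", check_policy_regex(rx) or "ok")
```

The check does not validate the expression against the supported character list at the link above; it covers only the lookahead and size limits.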
