on 11-07-2014 1:45 PM
Hi experts,
I am using the SAP-Logon Help for Windows in cooperation with the SAP IDM.
The software allows our users to reset their password by answering predefined security questions.
This functions perfectly, even with the use of many domain controllers.
What I want to do now is to exclude specific words/substrings from being part of the password.
The Password Policy Tab of my master idstore will give me the option to use a Regex.
Example:
Incoming Password: BlackForest_123!
Regex: /(?:(Forest))/g
This example should result in revoking the password synchronization.
To cut a long story short: I fear that the Regex I am trying to use is put against the already encrypted password.
If this would be the case, I could Regex whatever I want and it would not work, because I won't be able to decrypt the password in that pre-defined SAP-process.
Can someone please tell me that this is not the case or suggest a workaround?
Best regards and thanks in advance,
Lukas
Hello Lukas,
it should work if you are using the IdM UI to set the password (not 100% sure right now but I think I have done it already). If you set the password somewhere else, e.g. by password hook in Windows logon screen, I am not sure whether it does.
How many words do you want to exclude though? You are aware of the limited length of the Regex of about 189 characters?
Regards
Norman
Hello Norman,
I tried using the UI-Task to reset the password, but the regex - still - seems not to work.
Maybe I am missing some settings?
Could you confirm whether the Regex I posted in my question above is correct?
Thanks for the tip with the limitation of length! I want to exclude about 12 words. This could be very close...
Best Regards,
Lukas
If a password was already encrypted and it was not done so by IdM, then it will remain encrypted and could match a regex string. It's also a good thing that it stays encrypted from IdM as this would lead to a man in the middle type of attack or impersonation scenarios for all IDs known to IdM, which is probably not in the best interest for anyone.
Billy,
this is a good point. It could be that the IDM gets that password already encrypted. But why would the SAP give me the options to check if the password could contain "Mixed case characters" etc.?
Speaking about the options, I recognized that there is one option to use a password dictionary. But I wasn't able to use the words in the dictionary to compare it as a substring with my password. Any other ideas concerning the password dictionary or my former regex-problem?
Regards,
Lukas
Hi Billy,
as far as I know the UI is taking the Regex at runtime - meaning it is checking the values before they get encrypted and stored in the database.
@Lukas: I also always need to try with Regex, I cannot remember the syntax. But there are web sites where you can check a string against a given Regex where you can verify your Regex.
Regards
Norman
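Added example, not part of any post in this thread and not SAP code: a banned-substring pattern built in both a "find" form (matches when a banned word is present) and an "accept" form (matches only when none is present), checked against the length limit of about 189 characters mentioned above and against a ciphertext-like string. The word list, sample passwords, helper names and the JavaScript regex dialect are assumptions; the thread does not say which form or dialect the IdM policy field expects.

```javascript
// Added example; BANNED, the sample inputs and all helper names are constructed.
const MAX_REGEX_LEN = 189; // approximate limit mentioned in the thread

const BANNED = ["Forest", "Summer", "Winter", "Spring", "Autumn", "Password",
                "Welcome", "Company", "Monday", "Secret", "Qwerty", "Admin"];

// Constructed stand-in for a value that has already been encrypted or hashed.
const CIPHERTEXT_STANDIN = "9f2c41d07ab3e85c6d1f";

// Escape regex metacharacters so each banned word is matched literally.
function escapeRegex(word) {
  return word.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
}

// "Find" form: matches when any banned word occurs anywhere in the input.
function findPattern(words) {
  return "(?:" + words.map(escapeRegex).join("|") + ")";
}

// "Accept" form: matches the whole input only when no banned word occurs.
// Needed if the policy field treats a match as "password is allowed".
function acceptPattern(words) {
  return "^(?!.*" + findPattern(words) + ").*$";
}

// Check a pattern against the length budget before pasting it into a policy field.
function fitsLimit(pattern) {
  return pattern.length <= MAX_REGEX_LEN;
}

// Case-insensitive so "forest" and "FOREST" are caught too; no "g" flag is
// needed because a single hit is enough to reject.
function containsBanned(password, words) {
  return new RegExp(findPattern(words), "i").test(password);
}

function isAccepted(password, words) {
  return new RegExp(acceptPattern(words), "i").test(password);
}

console.log(findPattern(BANNED).length, acceptPattern(BANNED).length);
console.log(containsBanned("BlackForest_123!", BANNED));  // plaintext is caught
console.log(containsBanned(CIPHERTEXT_STANDIN, BANNED));  // ciphertext is not
```

If the pattern is evaluated against a value that was transformed before it reaches the policy check, neither form can see the banned word, which is the failure mode the original question describes.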