The best solution is probably to utilize the standard password generator and feed it the correct size and restrictions.
I know that is sometimes easier said than done - but a small hint that many people do not know - ISVG IM/ISIM implements a "search for closest" policy in the org tree - so you can utilize the org tree to have specific policies for services when they are searched on top of the direct assignment to the services/profiles/global assignment.
Another possibility is to define a pseudo service (e.g. a hosted ITIM service) to which you apply your very specific password policies - and then you can utilize the JavaScript Enrole.generatePassword() or Account.getAndDecryptPassword().
Original Message:
Sent: Mon December 02, 2024 04:41 AM
From: Rafael García
Subject: Custom Password Rule to constrain password generator
Hi Franz,
In our particular case, we need to constrain the password because the Standard Password Generator of ISIM creates a password with a length according to the Password Policy length, so if our custom Rule doesn't allow so many characters, ISIM will try anyway to generate a new password in a loop (20,000 times, it's hardcoded in ISIM), always with the same length, and for some users, we need to indicate to the Password Generator a specific shorter length, limited by the final systems that we work with.
As you mentioned, we don't have passphrases, I'll stick with your idea.
We opened a support case too.
Thanks again for your advice.
------------------------------
Rafael García
Original Message:
Sent: Thu November 28, 2024 08:51 AM
From: Franz Wolfhagen
Subject: Custom Password Rule to constrain password generator
I am sorry - my knowledge of Password Rules is not sufficient to support your query.
I suggest that you create a support case to get the advice needed as the documentation on how the password rules work seems somewhat sparse...
A general point - IMHO it is not a good idea to restrict passwords - this is something that was used when passwords were short (e.g. 8 character length) - instead force the users to use passphrases with a decent length, mandate passkeys (if possible) and do not force users to change password regularly if the length is sufficient to make the password relatively secure (and best - if possible get rid of end user passwords and use passkeys instead).
Now - that general advice is void if you have e.g. a mainframe without passphrases.... but then somebody should really start fixing that...
------------------------------
Franz Wolfhagen
WW IAM Solution Engineer - Certified Consulting IT Specialist
IBM Security Expert Labs
Original Message:
Sent: Thu November 28, 2024 07:07 AM
From: Rafael García
Subject: Custom Password Rule to constrain password generator
Hi everyone,
Anybody with experience developing Java Extensions for ISVG?
We are developing a custom Rule Password and we are trying to constrain the password generation in the constrain(PasswordGenerator generator) method.
In this constrain() method, we have visibility of the parameter from the custom Rule Password indicated on the Password Policy, but we also need the UID of the user who is changing the password.
We have the context information in the validationInfo of the validate(String password, ValidationInfo validationInfo) method, from where we can obtain the user ID, but we need it before this validation, in the constrain() method, prior to password generation.
We have tried to create an instance of the class PasswordRuleValidation, which implements ProvisioningValidationInfo, but the constructors of the class need a parameter such as "AccountEntity account" and we don't have that parameter to instantiate it.
Does someone know how to instantiate any Object in our custom Rule Password class to get the user ID, essentially in the constrain method?
Thanks in advance.
------------------------------
Rafael García
------------------------------