IBM Verify

  • 1.  IBM security identity manager issue with auto generated password length

    Posted Tue April 21, 2020 11:07 AM
    We are using IBM Security Identity Manager 6. We have Linux and Windows servers integrated with ISIM. We have set the password policy in ISIM in such a way that the minimum is 15 characters and the maximum is 32. Whenever ISIM generates an automated password for any ID, it always takes the maximum, i.e. 32 characters. We have the same issue with shared ID and vault ID auto-generated passwords. But we want it to generate the minimum, i.e. 15 characters, every time ISIM generates a random password. Also, if a user types a password manually, it should accept a password length between 15 and 32 (no limitation here).
    Could you please suggest how we can achieve this.

    ------------------------------
    Himanshu Ranjan
    ------------------------------


  • 2.  RE: IBM security identity manager issue with auto generated password length

    Posted Tue April 21, 2020 11:29 AM
    Hello Himanshu,

    If you would like to modify the way the passwords are auto-generated in ISIM, you would need to write/register a custom Password Generator.  There is documentation and an example of a custom Password Generator in $ISIM_HOME/extensions/6.0/examples/passwordrules/. This would allow you to restrict the auto-generated password length, while still allowing users to enter longer passwords manually.

    ------------------------------
    Grey Thrasher
    IBM
    ------------------------------



  • 3.  RE: IBM security identity manager issue with auto generated password length

    Posted Wed April 22, 2020 02:04 AM
    The suggestion from Grey is the best practice - but I was wondering why you would want a relatively weak password as default - this does not make sense...
    There are some other possibilities utilizing a couple of non-standard methods (and this is neither recommended nor easy).
    There are 2 JavaScript extensions that can be used - Enrole.generatePassword() and Account.setAndEncryptPassword(). But the problem here is that you would need a dummy service with a password policy with a shorter password (max 15 and min 15) and generate an account, get the password and store it on your account (and you probably do not want to fully generate the dummy account). This is doable in the operational workflow but IMHO not worth the effort...
    I would recommend accepting the current standard behavior and spending my time improving something else :-)

    ------------------------------
    Franz Wolfhagen
    IAM Technical Architect for Europe - Certified Consulting IT Specialist
    IBM Security Expert Labs
    ------------------------------



  • 4.  RE: IBM security identity manager issue with auto generated password length

    Posted Sun May 10, 2020 07:53 AM
    Hi,

    We had the same requirement at a customer.
    You can achieve a smaller default maximum length for a generated password by implementing your own generator (a class extending com.ibm.passwordrules.standard.StandardGenerator) and implementing overrides for the setLength and initialize methods. Afterwards you can replace the default generator in passwordrules.properties by calling it with generator.<your classname>=<parameters>

    Best Regards,
    Frank

    ------------------------------
    Frank Brandt
    ------------------------------
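
An added sketch, not part of any post in this thread and not IBM's sample code: the fixed-length generation logic that a custom generator like the ones described above would wrap, with the 15 to 32 length check for typed passwords kept separate. It is plain Java (11 or later) with no ISIM classes; the class name, method names and character classes are assumptions, and the StandardGenerator overrides and the passwordrules.properties registration are not shown.

```java
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

// Added illustration in plain Java; no ISIM classes are used.
public class FixedLengthPasswordDemo {
    static final int MIN_LEN = 15;            // policy minimum from the thread
    static final int MAX_LEN = 32;            // policy maximum from the thread
    static final int GENERATED_LEN = MIN_LEN; // length the generator always emits

    // Assumed character classes (not from the thread); look-alike glyphs omitted.
    static final String[] CLASSES = {
        "ABCDEFGHJKLMNPQRSTUVWXYZ", "abcdefghijkmnopqrstuvwxyz", "23456789", "!#$%*+-=?@_"
    };
    static final String ALL = String.join("", CLASSES);
    static final SecureRandom RNG = new SecureRandom(); // CSPRNG, never java.util.Random

    static char pick(String alphabet) {
        return alphabet.charAt(RNG.nextInt(alphabet.length())); // nextInt(bound) is unbiased
    }

    static String generate() {
        List<Character> chars = new ArrayList<>();
        for (String cls : CLASSES) chars.add(pick(cls));           // one from each class
        while (chars.size() < GENERATED_LEN) chars.add(pick(ALL)); // fill to the fixed length
        Collections.shuffle(chars, RNG);                           // hide the guaranteed positions
        StringBuilder out = new StringBuilder(GENERATED_LEN);
        for (char c : chars) out.append(c);
        return out.toString();
    }

    // Length rule for manually typed passwords: the full 15..32 range stays valid.
    static boolean lengthAccepted(String password) {
        return password.length() >= MIN_LEN && password.length() <= MAX_LEN;
    }

    public static void main(String[] args) {
        String generated = generate();
        String typed = "x".repeat(24); // constructed sample, used for its length only
        // Print lengths and verdicts, never the generated secret itself.
        System.out.println("generated length=" + generated.length()
                + " accepted=" + lengthAccepted(generated));
        System.out.println("typed length=" + typed.length()
                + " accepted=" + lengthAccepted(typed));
        System.out.println("length 33 accepted=" + lengthAccepted("x".repeat(33)));
    }
}
```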