Validating Passwords in AM Authentication Decision Script

How can we check if a password collected by the platform password collector node in an AM authentication decision script is valid according to the password policy set up in ForgeRock DS? We have an AM-IDM integration with a shared identity store in ForgeRock DS.

Suggest any ways this can be achieved via an authentication tree. In the current flow, if the provided password is not valid, the create object node fails with a policy violation error and the tree ends with an unauthorized error message. We intend to check the newly provided password value before creating the object in the ForgeRock tree.

hi @karannayyar
I believe this password policy validation is included as an option in this node : Platform Password node :: AM 7.4.0
Could you give some more context on your setup and use case so I can understand it better?
regards,
Steph.

@stephane.orluc
We currently do not have any policy configured for the password attribute in IDM. Hence, the policy validation will not work for the platform password node. The password policies are configured at the ForgeRock Directory Server.

We have AM and IDM integrated with a shared identity store. The use case is a simple user registration flow where username, password, first name, and last name are collected, followed by a create object node. However, the creation of the object fails as the password does not satisfy the password policy requirements. So, before we reach the create object node stage in the journey, we intend to check that the collected password complies with the password policy configured in the ForgeRock Directory Server.
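The pre-check described above, written as an added example (it is not code from this thread, from ForgeRock AM, or from the forgeops project): a password validator that can be pasted into an AM Scripted Decision node placed between the Platform Password node and the Create Object node, so a non-compliant password routes to a retry outcome instead of failing object creation. The policy values are constructed and must be kept in step with whatever validators are configured in the DS password policy (DS offers length-based, character-set, repeated-characters and attribute-value validators, among others); the `nodeState` and `outcome` bindings and the `password` and `username` state keys are the Scripted Decision node conventions assumed here.

```javascript
// Added example: pre-check a collected password against a policy that mirrors
// the DS password validators, inside an AM Scripted Decision node.
// Kept ES5-style (var, no arrow functions) so it also runs on AM's Rhino engine.

// CONSTRUCTED policy. These thresholds are assumptions; align them with the
// validators actually enabled in the DS password policy, or the script and DS
// will disagree and the Create Object node will still reject the password.
var POLICY = {
  minLength: 8,               // DS: Length-Based Password Validator
  maxLength: 64,
  requireLower: true,         // DS: Character Set Password Validator
  requireUpper: true,
  requireDigit: true,
  requireSymbol: false,
  maxConsecutiveRepeat: 3,    // DS: Repeated Characters Password Validator
  forbidUsernameSubstring: true // DS: Attribute Value Password Validator (uid)
};

// Returns { valid: boolean, violations: [string] } so the tree can branch on
// valid and, if desired, surface the violation codes to the user.
function validatePassword(password, username, policy) {
  var violations = [];
  if (typeof password !== "string" || password.length === 0) {
    return { valid: false, violations: ["password-missing"] };
  }
  if (password.length < policy.minLength) violations.push("too-short");
  if (password.length > policy.maxLength) violations.push("too-long");
  if (policy.requireLower && !/[a-z]/.test(password)) violations.push("no-lowercase");
  if (policy.requireUpper && !/[A-Z]/.test(password)) violations.push("no-uppercase");
  if (policy.requireDigit && !/[0-9]/.test(password)) violations.push("no-digit");
  if (policy.requireSymbol && !/[^A-Za-z0-9]/.test(password)) violations.push("no-symbol");

  // A run of the same character longer than maxConsecutiveRepeat, e.g. "aaaa".
  var repeatRe = new RegExp("(.)\\1{" + policy.maxConsecutiveRepeat + ",}");
  if (repeatRe.test(password)) violations.push("repeated-characters");

  // Case-insensitive check that the username is not embedded in the password.
  if (policy.forbidUsernameSubstring && username && username.length >= 3 &&
      password.toLowerCase().indexOf(username.toLowerCase()) !== -1) {
    violations.push("contains-username");
  }
  return { valid: violations.length === 0, violations: violations };
}

// Wiring for the Scripted Decision node (assumed bindings: nodeState, outcome).
// Guarded so the file also runs stand-alone outside AM for testing.
if (typeof nodeState !== "undefined") {
  var pwState = nodeState.get("password");   // set by the Platform Password node
  var userState = nodeState.get("username"); // set by the Platform Username node
  var result = validatePassword(
    pwState ? String(pwState.asString()) : null,
    userState ? String(userState.asString()) : "",
    POLICY
  );
  // Never log the password itself; the violation codes are safe to record.
  outcome = result.valid ? "true" : "false";
}
```

Note the trade-off: this duplicates the policy in script rather than asking DS, so any later change to the DS password policy has to be mirrored here. The Create Object node remains the authoritative check; the script only provides an earlier, friendlier failure path (loop back to the password collector with the violation codes) instead of the tree ending in an unauthorized error.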

@karannayyar,
if possible, I would suggest you implement the policy in IDM: Manage password policies :: IDM 7.5.0
regards,
Steph

One possibility you may consider in a platform integration is to enforce password policies from IDM but where it is implemented in DS. You can see this happening in a forgeops deployment, or in Identity Cloud. The OOTB repo.ds.json has mappings to dsconfig for those password policies. This of course works if the password policies you have set up in DS are compatible with this scheme.

@patrick_diligent Can you please share any documentation reference for the above? I can’t seem to find any.

Hi karannayyar, I wanted to follow up on the solution our support team provided regarding your issue. We would greatly appreciate any helpful information you could share with the community.

Many thanks,
Sheila

It is unfortunately not documented as far as I am aware, but you can see this in the repo configuration here: forgeops/docker/idm/config-profiles/idm-only/conf/repo.ds.json at 6e9fea91596decfe04efcec506ffca000ae5b3d6 · ForgeRock/forgeops · GitHub

Regards
Patrick
