[midPoint] Missing ValuePolicyType <lifetime> tag in mP 4.x

Ivan Noris ivan.noris at evolveum.com
Wed Oct 23 06:51:28 UTC 2019


Hi,

the password lifetime and history are expected in the Security Policy,
not in the Password policy (for some years now).

My example from training:

<securityPolicy oid="f30d36a6-fc11-11e5-9b5f-3c970e44b9e2"
    xmlns='http://midpoint.evolveum.com/xml/ns/public/common/common-3'
    xmlns:c='http://midpoint.evolveum.com/xml/ns/public/common/common-3'>
    <name>ExAmPLE Stronger Security Policy</name>
    <credentials>
        <password>
            <maxAge>P180D</maxAge>
            <minAge>P10D</minAge>
            <lockoutMaxFailedAttempts>3</lockoutMaxFailedAttempts>
           
<lockoutFailedAttemptsDuration>PT3M</lockoutFailedAttemptsDuration>
            <lockoutDuration>PT15M</lockoutDuration>
            <valuePolicyRef oid="10000000-9999-9999-0000-a000f2000002"/>
            <historyLength>5</historyLength>
        </password>
    </credentials>
</securityPolicy>

The password policy only stores data about the password  complexity. And
I'm not sure if the lifetime even worked in the password policy before.
Anyway this is the way to go.

See also:
https://wiki.evolveum.com/display/midPoint/Password-Related+Configuration

Best regards,

Ivan

On 22. 10. 2019 21:17, Lubomir Odlevak wrote:
> Hi,
>
> I have noticed that ValuePolicyType class has been updated in mP 4.x.
> I have used <lifetime> xml tag to set
> minPasswordAge and passwordHistoryLength in ValuePolicy object in mP
> 3.x. This <lifetime> tag is missing in mP 4.x. Is there any way how to
> use it in mP 4.x ?
> Here are differencies in ValuePolicyType class in mP 3.x and 4.x:
> mp 3.9 :
>
> <complexType name="ValuePolicyType">
>    <complexContent>
>      <extension
> base="{http://midpoint.evolveum.com/xml/ns/public/common/common-3}ObjectType">
>        <sequence>
>          <element name="lifetime"
> type="{http://midpoint.evolveum.com/xml/ns/public/common/common-3}PasswordLifeTimeType"/>
>          <element name="stringPolicy"
> type="{http://midpoint.evolveum.com/xml/ns/public/common/common-3}StringPolicyType"/>
>          <element name="prohibitedValues"
> type="{http://midpoint.evolveum.com/xml/ns/public/common/common-3}ProhibitedValuesType"
> minOccurs="0"/>
>          <element name="minOccurs"
> type="{http://www.w3.org/2001/XMLSchema}string" minOccurs="0"/>
>          <element name="maxOccurs"
> type="{http://www.w3.org/2001/XMLSchema}string" minOccurs="0"/>
>        </sequence>
>      </extension>
>    </complexContent>
>  </complexType>
>
>
> mP 4.x :
>
> <complexType name="ValuePolicyType">
>    <complexContent>
>      <extension
> base="{http://midpoint.evolveum.com/xml/ns/public/common/common-3}AssignmentHolderType">
>        <sequence>
>          <element name="stringPolicy"
> type="{http://midpoint.evolveum.com/xml/ns/public/common/common-3}StringPolicyType"/>
>          <element name="prohibitedValues"
> type="{http://midpoint.evolveum.com/xml/ns/public/common/common-3}ProhibitedValuesType"
> minOccurs="0"/>
>        </sequence>
>      </extension>
>    </complexContent>
>  </complexType>
>
> Thanks
> Regards
> Lubomir Odlevak
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-- 
Ivan Noris
Senior Identity Engineer
evolveum.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.evolveum.com/pipermail/midpoint/attachments/20191023/4bfc5012/attachment.html>


More information about the midPoint mailing list