<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>Hi,</p>
<p>the password lifetime and history are expected in the Security
Policy, not in the Password policy (for some years now).</p>
<p>My example from training:</p>
<p><securityPolicy oid="f30d36a6-fc11-11e5-9b5f-3c970e44b9e2" <br>
xmlns='<a class="moz-txt-link-freetext" href="http://midpoint.evolveum.com/xml/ns/public/common/common-3">http://midpoint.evolveum.com/xml/ns/public/common/common-3</a>'<br>
xmlns:c='<a class="moz-txt-link-freetext" href="http://midpoint.evolveum.com/xml/ns/public/common/common-3">http://midpoint.evolveum.com/xml/ns/public/common/common-3</a>'><br>
<name>ExAmPLE Stronger Security Policy</name><br>
<credentials><br>
<password><br>
<maxAge>P180D</maxAge><br>
<minAge>P10D</minAge><br>
<lockoutMaxFailedAttempts>3</lockoutMaxFailedAttempts><br>
<lockoutFailedAttemptsDuration>PT3M</lockoutFailedAttemptsDuration><br>
<lockoutDuration>PT15M</lockoutDuration><br>
<valuePolicyRef
oid="10000000-9999-9999-0000-a000f2000002"/><br>
<historyLength>5</historyLength><br>
</password><br>
</credentials><br>
</securityPolicy></p>
<p>The password policy only stores data about the password
complexity. And I'm not sure if the lifetime even worked in the
password policy before. Anyway this is the way to go.</p>
<p>See also:
<a class="moz-txt-link-freetext" href="https://wiki.evolveum.com/display/midPoint/Password-Related+Configuration">https://wiki.evolveum.com/display/midPoint/Password-Related+Configuration</a></p>
<p>Best regards,</p>
<p>Ivan<br>
</p>
<div class="moz-cite-prefix">On 22. 10. 2019 21:17, Lubomir Odlevak
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CABppFo75M4krCLjYuzBfQUjt_o2xqh+uxg6wPqHFTOqzgf1cRw@mail.gmail.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div dir="ltr">Hi,
<div><br>
</div>
<div>I have noticed that ValuePolicyType class has been updated
in mP 4.x. I have used <lifetime> xml tag to set <br>
minPasswordAge and passwordHistoryLength in ValuePolicy object
in mP 3.x. This <lifetime> tag is missing in mP 4.x. Is
there any way how to use it in mP 4.x ?</div>
<div><span style="color:rgb(0,0,0)">Here are differencies in </span>ValuePolicyType
class <span style="color:rgb(0,0,0)">in mP 3.x and 4.x:</span></div>
mp 3.9 :<br>
<br>
<complexType name="ValuePolicyType"><br>
<complexContent><br>
<extension base="{<a
href="http://midpoint.evolveum.com/xml/ns/public/common/common-3}ObjectType"
moz-do-not-send="true">http://midpoint.evolveum.com/xml/ns/public/common/common-3}ObjectType</a>"><br>
<sequence><br>
<element name="lifetime" type="{<a
href="http://midpoint.evolveum.com/xml/ns/public/common/common-3}PasswordLifeTimeType"
moz-do-not-send="true">http://midpoint.evolveum.com/xml/ns/public/common/common-3}PasswordLifeTimeType</a>"/><br>
<element name="stringPolicy" type="{<a
href="http://midpoint.evolveum.com/xml/ns/public/common/common-3}StringPolicyType"
moz-do-not-send="true">http://midpoint.evolveum.com/xml/ns/public/common/common-3}StringPolicyType</a>"/><br>
<element name="prohibitedValues" type="{<a
href="http://midpoint.evolveum.com/xml/ns/public/common/common-3}ProhibitedValuesType"
moz-do-not-send="true">http://midpoint.evolveum.com/xml/ns/public/common/common-3}ProhibitedValuesType</a>"
minOccurs="0"/><br>
<element name="minOccurs" type="{<a
href="http://www.w3.org/2001/XMLSchema}string"
moz-do-not-send="true">http://www.w3.org/2001/XMLSchema}string</a>"
minOccurs="0"/><br>
<element name="maxOccurs" type="{<a
href="http://www.w3.org/2001/XMLSchema}string"
moz-do-not-send="true">http://www.w3.org/2001/XMLSchema}string</a>"
minOccurs="0"/><br>
</sequence><br>
</extension><br>
</complexContent><br>
</complexType><br>
<br>
<br>
mP 4.x :<br>
<br>
<complexType name="ValuePolicyType"><br>
<complexContent><br>
<extension base="{<a
href="http://midpoint.evolveum.com/xml/ns/public/common/common-3}AssignmentHolderType"
moz-do-not-send="true">http://midpoint.evolveum.com/xml/ns/public/common/common-3}AssignmentHolderType</a>"><br>
<sequence><br>
<element name="stringPolicy" type="{<a
href="http://midpoint.evolveum.com/xml/ns/public/common/common-3}StringPolicyType"
moz-do-not-send="true">http://midpoint.evolveum.com/xml/ns/public/common/common-3}StringPolicyType</a>"/><br>
<element name="prohibitedValues" type="{<a
href="http://midpoint.evolveum.com/xml/ns/public/common/common-3}ProhibitedValuesType"
moz-do-not-send="true">http://midpoint.evolveum.com/xml/ns/public/common/common-3}ProhibitedValuesType</a>"
minOccurs="0"/><br>
</sequence><br>
</extension><br>
</complexContent><br>
</complexType>
<div><br>
</div>
<div>Thanks</div>
<div>Regards</div>
<div>Lubomir Odlevak</div>
<div><br>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<pre class="moz-signature" cols="72">--
Ivan Noris
Senior Identity Engineer
evolveum.com
</pre>
</body>
</html>