Andrea Patricelli created SYNCOPE-1979:
------------------------------------------
Summary: Password policy control over not permitted schemas and words does not work on substrings
Key: SYNCOPE-1979
URL: https://issues.apache.org/jira/browse/SYNCOPE-1979
Project: Syncope
Issue Type: Bug
Components: core
Affects Versions: 4.1.0, 4.0.6
Reporter: Andrea Patricelli
Assignee: Andrea Patricelli
Fix For: 4.0.7, 4.1.2, 5.0.0
1. Log in to the console as the admin user and define a new password policy with
not permitted words, say "notpermitted1" and "notpermitted2", and not permitted
schemas, say "firstname", and assign it to the root realm.
2. Pick one user (e.g. bellini in the sample environment) and set the password
to some string containing "notpermitted1", e.g. "Notpermitted12345!", or the
firstname of the user, e.g. "Bellini12345!".
3. The password is validated successfully and the update passes, though it
should fail because the password contains (ignoring case) not permitted words
or schemas.
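The expected behaviour in the steps above, as an added example that is not Syncope's code: a case-insensitive substring check over the not permitted words and the values of the not permitted schemas, beside a whole-value comparison that lets both sample passwords through. The class and method names are hypothetical, the user data is constructed from the report's sample values, and the whole-value variant is shown only for contrast, not as a statement of how Syncope implements the rule.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import java.util.Map;

// Added illustration; class and method names are hypothetical, not Syncope APIs.
public class PasswordPolicyCheck {

    // Whole-value comparison: rejects only a password that IS a forbidden value.
    // Shown for contrast; not a claim about Syncope's implementation.
    static boolean rejectsWholeValue(String password, List<String> forbidden) {
        return forbidden.stream().anyMatch(password::equalsIgnoreCase);
    }

    // Behaviour the report expects: reject when the password contains,
    // ignoring case, any forbidden value as a substring.
    static boolean rejectsSubstring(String password, List<String> forbidden) {
        String lowered = password.toLowerCase(Locale.ROOT);
        return forbidden.stream()
                // Skip null/blank values: an empty string is contained in every password.
                .filter(v -> v != null && !v.isBlank())
                .map(v -> v.toLowerCase(Locale.ROOT))
                .anyMatch(lowered::contains);
    }

    public static void main(String[] args) {
        // Constructed sample data mirroring the steps in the report.
        List<String> notPermittedWords = List.of("notpermitted1", "notpermitted2");
        List<String> notPermittedSchemas = List.of("firstname");
        Map<String, String> userAttrs = Map.of("firstname", "Bellini");

        // Resolve each not permitted schema to the user's value for that attribute.
        List<String> forbidden = new ArrayList<>(notPermittedWords);
        for (String schema : notPermittedSchemas) {
            String value = userAttrs.get(schema);
            if (value != null) {
                forbidden.add(value);
            }
        }

        for (String pwd : List.of("Notpermitted12345!", "Bellini12345!", "Str0ng-Unrelated!")) {
            System.out.printf("%-20s wholeValue=%-5b substring=%b%n",
                    pwd, rejectsWholeValue(pwd, forbidden), rejectsSubstring(pwd, forbidden));
        }
    }
}
```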