[
https://issues.apache.org/jira/browse/SYNCOPE-1979?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Andrea Patricelli updated SYNCOPE-1979:
---------------------------------------
Affects Version/s: (was: 4.1.0)
> Password policy control over not permitted schemas and words does not work on
> substrings
> -----------------------------------------------------------------------------------------
>
> Key: SYNCOPE-1979
> URL: https://issues.apache.org/jira/browse/SYNCOPE-1979
> Project: Syncope
> Issue Type: Bug
> Components: core
> Affects Versions: 4.0.6
> Reporter: Andrea Patricelli
> Assignee: Andrea Patricelli
> Priority: Major
> Fix For: 4.0.7, 4.1.2, 5.0.0
>
> Time Spent: 1h
> Remaining Estimate: 0h
>
> # Login in console as admin user and define a new password policy with not
> permitted words, say "notpermitted1" and "notpermitted2" and not permitted
> schemas, say "firstname" and assign it to root realm.
> # Pick one user, (e.g. bellini in the sample environment) and set the
> password with some string containing "notpermitted1", e.g.
> "Notpermitted12345!" or the firstname of the user, e.g. "Bellini12345!".
> # Password is going to be validated successfully and update passed, though
> it should fail because the password contains (ignoring case) not permitted
> words or schemas.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
