[jira] [Resolved] (SYNCOPE-1979) Password policy control over not permitted schemas and words does not work on substrings

Andrea Patricelli (Jira) Wed, 24 Jun 2026 06:07:05 -0700


     [ 
https://issues.apache.org/jira/browse/SYNCOPE-1979?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Andrea Patricelli resolved SYNCOPE-1979.
----------------------------------------
    Resolution: Resolved

> Password policy control over not permitted schemas and words does not work on 
> substrings 
> -----------------------------------------------------------------------------------------
>
>                 Key: SYNCOPE-1979
>                 URL: https://issues.apache.org/jira/browse/SYNCOPE-1979
>             Project: Syncope
>          Issue Type: Bug
>          Components: core
>    Affects Versions: 4.1.1
>            Reporter: Andrea Patricelli
>            Assignee: Andrea Patricelli
>            Priority: Major
>             Fix For: 4.1.2, 5.0.0
>
>          Time Spent: 1h
>  Remaining Estimate: 0h
>
> # Login in console as admin user and define a new password policy with not 
> permitted words, say "notpermitted1" and "notpermitted2" and not permitted 
> schemas, say "firstname" and assign it to root realm.
>  # Pick one user, (e.g. bellini in the sample environment) and set the 
> password with some string containing "notpermitted1", e.g. 
> "Notpermitted12345!" or the firstname of the user, e.g. "Bellini12345!".
>  # Password is going to be validated successfully and update passed, though 
> it should fail because the password contains (ignoring case) not permitted 
> words or schemas.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Resolved] (SYNCOPE-1979) Password policy control over not permitted schemas and words does not work on substrings

Reply via email to