CA Identity Manager: Restriction on Create User without a Password

book

Article ID: 110045

calendar_today

Updated On:

Products

CA Identity Manager CA Identity Governance CA Identity Portal

Issue/Introduction

When the Identity Manager password policy is enabled the Create User is giving the following error even though the Password is not a required field.

Create user "UID" in organization "ORG": Failed to execute CreateUserEvent. ERROR MESSAGE: PasswordMessageType::Short Arguments 0 = 7 

Environment

All Identity Manager 14.0+ environments 

Resolution

In IDM 14.x the product executes the password policies regardless of if a password is provided or required. The password policies aren’t ‘optional’. If enabled then they execute and check the minimum password and unless 7 chars then it will fail. It doesn’t care or take into account the launching task and if the password is optional. If you disable your password policy the product will allow you to create users with no passwords. 

Please note that this behavior was different in previous versions of the product, in 12.6.x you could create users that had no passwords even with password policies enabled. This option was removed for security reasons.