There's a requirement to exclude certain words to be used as password, regardless of the case.

When setting up restrictions in password policy by adding Regex expressions, by default, the Regex for the blacklisted words is case sensitive, while the requirements are for it to be case insensitive.

To illustrate:

Restrict any of the following to be used, they should all be rejected:

Password, password, pAsSword, etc.

The Regex documentation indicates (?i) should be used to make the expression case insensitive, however this doesn't seem to work.

However, the Regex works without "i" flag but is case sensitive, adding "i" to the Regex for case insensitive doesn't work.

The Regex expression is as following:

This works but is case sensitive

^(.*(password)+.*)$
  
This is not working as expected

(?i)^(.*(password)+.*)$ 

 

Policy Server 12.8SP3;
Identity Manager with SiteMinder is integrated 14.x.

By adjusting the UsePCREPasswordChecks key in the registry (Policy Server), the Regex expression in case insensitive mode can be then used (1).

1. Add the registry key UsePCREPasswordChecks as per the documentation:
   
   Add the "UsePCREPasswordChecks" registry key under below the location.
   
   "HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\PolicyServer\UsePCREPasswordChecks" 
   
   Modify the registry value to 1 to enable the registry.
2. Restart the Policy Server;
3. Configure case insensitive expression ie (?i)^(.*(password)+.*)$.

Attempting to set a new password of values such as Password, password, pAsSword will all be rejected.

1. How to Configure Password Policies