Regex expression for case insensitive in Password Policy in AdminUI
search cancel

Regex expression for case insensitive in Password Policy in AdminUI

book

Article ID: 190936

calendar_today

Updated On: 10-23-2024

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On Agents (SiteMinder) CA Single Sign On Federation (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) SITEMINDER

Issue/Introduction


There's a requirement to exclude certain words to be used as password, regardless of the case.

When setting up restrictions in password policy by adding Regex expressions, by default, the Regex for the blacklisted words is case sensitive, while the requirements are for it to be case insensitive.

To illustrate:

Restrict any of the following to be used, they should all be rejected:

Password, password, pAsSword, etc.

The Regex documentation indicates (?i) should be used to make the expression case insensitive, however this doesn't seem to work.

However, the Regex works without "i" flag but is case sensitive, adding "i" to the Regex for case insensitive doesn't work.

The Regex expression is as following:

This works but is case sensitive

^(.*(password)+.*)$
  
This is not working as expected

(?i)^(.*(password)+.*)$ 

 

Environment

 

Policy Server 12.8SP3;
Identity Manager with SiteMinder is integrated 14.x.

 

Resolution


By adjusting the UsePCREPasswordChecks key in the registry (Policy Server), the Regex expression in case insensitive mode can be then used (1).

  1. Add the registry key UsePCREPasswordChecks as per the documentation:

    Add the "UsePCREPasswordChecks" registry key under below the location.

    "HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\PolicyServer\UsePCREPasswordChecks" 

    Modify the registry value to 1 to enable the registry.
  2. Restart the Policy Server;
  3. Configure case insensitive expression ie (?i)^(.*(password)+.*)$.

Attempting to set a new password of values such as Password, password, pAsSword will all be rejected.

 

Additional Information