search cancel

Password Policy Invalid Regular Expression

book

Article ID: 243295

calendar_today

Updated On:

Products

CA Identity Manager

Issue/Introduction

We are facing an issue related to IDM Password Policy where a regular expression is not getting saved/configured.

We are trying to save following but getting error as invalid regular expression:

^[][email protected]#$&?:;.(){}[_]*$


Above regular expression was permitted in IDM 12.5 and 12.6 earlier versions.

 

Cause

Identity Manager and SiteMinder use different regex (regular expression) formats which can reveal occasional differences in allowed expressions.

Environment

Release : 14.4

Component : IdentityMinder(Identity Manager)

 

CA IDM v14.4, tightly integrated with CA SiteMinder v12.8 (12.8.0600.2649). 

Resolution

Siteminder uses two regular expression formats, Henry Spencer Regular Expression and PCRE Format

By default PCRE format is disabled.

 

Please follow the below instructions to solve the issue.

1) Enable the PCRE format for regular expression, please follow the below doc link for the same, in this section

Support for Regular Expressions in PCRE Format

https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/configuring/policy-server-configuration/password-services-and-policies/how-to-configure-password-policies.html

2) Restart your policy server

3) Flush the Policy Server cache

4) Modify the Password policy regular expression from ^[[email protected]#$&?:;.(){}[_]]*$ to ^[[email protected]#$&?:;.(){}\[_\]]*$, which is accepted by both Identity Manager Regular Expression and Siteminder Regular Expressions Patterns

 

With above changes I was successfully able to configure Passw0r& password.