ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

SiteMinder Regular Expressions Limitation

book

Article ID: 53368

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On

Issue/Introduction

Description:

Customer Environment:

Policy Server: Policy Server 6.0.4.2

OS: Windows 2003

Policy Store: eDirectory server (8.7.3.9).

Problem:

Customer wants to use Regular Expressions in a password policy and needs to understand why theirs is failing:

Pattern to match "(([A-Za-z]+[0-9]*)([0-9]+[0-9a-zA-Z]*)([0-9a-zA-Z]+.*))|(([A-Za-z]+[0-9a-zA-Z]*)([0-9a-zA-Z]+[ 0-9]*)([0-9]+.*))$"

Solution:

There are a few siteminder limitations for the default regular expression function out of box.

  1. Siteminder regular expression only accept its own predefined operators.
    See details in Policy Design Guide -> Rules -> Resource Matching and Regular Expressions -> Regular Expressions for Resource Matching.

  2. The regular expression used in password policy configuration must not exceed 10 sub-expressions - in the customers example this is not meant.

  3. CA suggest customers test their regular expression on any one of the free online test tools.

In this case, out of box solution cannot meet their complex business requirement and customer is recommend to use SiteMinder layered product APS for implementation resolution.

Environment

Release:
Component: SMPLC