Custom password validation

hi,
I am trying to write a custom java file for password validation. when we load it and compile using adadmin the class file is not getting generated.
also, i would like to know how to customize the message that appears.
example PASSWORD-INVALID. I would like to use explanatory message. Where do i define these strings.
package oracle.apps.fnd.security;
import oracle.apps.fnd.common.VersionInfo;
// Referenced classes of package oracle.apps.fnd.security:
// PasswordValidation
public class AppsPasswordValidationCUS
implements PasswordValidation
public String getErrorStackApplicationName()
return "FND";
public String getErrorStackMessageName()
return m_errorStackMessageName;
public boolean validate(String username, String password)
if(password ==null || password.length() == 0 || username == null || username.length() == 0)
m_errorStackMessageName = "PASSWORD-INVALID";
return false;
if(password.length() < 6)
m_errorStackMessageName = "PASSWORD-INVALID-LENGTH";
return false;
if(!validateLettersAndDigits(password))
m_errorStackMessageName = "PASSWORD-INVALID-LETTER-NUMBER";
return false;
if(!validateNoUsername(username, password))
m_errorStackMessageName = "PASSWORD-INVALID-USERNAME";
return false;
if(!validateNoRepeats(password))
m_errorStackMessageName = "PASSWORD-INVALID-REPEATS";
return false;
return true;
private boolean validateLettersAndDigits(String p_password)
boolean flag = false;
boolean flag1 = false;
for(int i = 0; i < p_password.length(); i++)
if(Character.isLetter(p_password.charAt(i)))
flag = true;
if(Character.isDigit(p_password.charAt(i)))
flag1 = true;
return flag && flag1;
private boolean validateNoUsername(String p_username, String p_password)
return p_password.toUpperCase().indexOf(p_username.toUpperCase()) == -1;
private boolean validateNoRepeats(String p_password)
for(int i = 1; i < p_password.length(); i++)
if(p_password.charAt(i) == p_password.charAt(i - 1))
return false;
return true;
private String m_errorStackMessageName;
}

Hi Colin,
We are able to update the password in OIM user profile now. However, after the process is done in java code, it is not redirecting to OAM Password change success page which will have a Back button. Also, we are seeing a Bug Report form page with the content given below:
Bug Report Form
An error has occurred while executing the application.
Your browser doesn't support sending mail automatically!
Please send E-Mail to <a =""></a> with the following information:
Your Name
Organization
E-Mail Address
Phone Number
Comment
Make sure to append the following traceback in the mail.
Traceback Traceback is unavailable.
Product Lost Password ManagementVersion
Platform Linux
Any clue as when we will witness this?
-Mahendra.

Similar Messages

  • Custom Attibute with Password Validations

    Hi,
    Is it possible to trigger the password validations for the custom attribute(who's display type as Password) which is defined in OAM objectclass of User Manager Configuration?
    However the custom attribute value passed to LDAP is stored in the form of unencrypted/clear text.
    Any inputs will be appreciated?
    Thanks,
    ABP
    Edited by: user11970322 on 14-Jan-2011 10:33

    Please post ASP.NET questions in the ASP.NET forums (http://forums.asp.net ).

  • Extend WL Authentication Provider Password Validation

    Hi folks
    I'm looking for any advice on how to extend the OOB password validation that is available and documented here:
    http://docs.oracle.com/cd/E12840_01/wls/docs103/secmanage/atn.html#wp1212100
    Specifically we'd like to test whether the desired password has been used in the last 8 they've used and also to enforce that it expire after x days. Any pointers would be much appreciated.
    Thanks,
    Paul

    1- How can an authentication provider supports password validation providers ?
    We decided to make our own authentication provider so I doubt we support it
    Yes, your custom authentication provider will not support it.
    2- How it is suppose to work ?
    Now, when a user change his password (or any of his attributes), we call a stored procedure (DB) which updates the user table ...
    The way I see it, the web application should call the password validation provider before (or instead and then the provider will call the stored procedure)
    Have u configured the a databse authenticator? Looks like you are modifying the password in the database directly ( using stored procedures) so Password Validator will not come in picture at all.

  • Custom Password Policy

    Hi xperts,
    I want to create a custom password policy which shoud fulfil the following requirements.
    1Allow additional alpha characters more other than A-Z and a-z. i.e the ones in Start button--->Programs>Accessories>System Tools>Character Map.
    2.Expand the default special characters list
    3 and we dont want email prefix(before @ to be used in the password).
    Any Ideas if we can do this ?

    You can put your validation using Java Script on Create User Form.----this can fulfil my 3rd requirement.
    or
    you can create custom action class which will validate your password. Change the reference of OLD action class and replace it with yours.
    I am a little new to sucg kind of customisations,can u just give me a little idea how exactly I can go about it..i.e which files to modify,which action class etc...
    Also I want this password policy for a group of users and if I modify the action class will there be an effect on the policies associated with other resources?

  • *** How to get the username in a custom password change routine....

    How to get the username in a custom password change routine / procedure / form when a user's password has expired and is redirected automatically to this custom program?
    We use the 2nd parameter in LOGIN_URL column in WWSSO_LS_CONFIGURATION_INFO$ table to get to this custom change-password proc.

    OK !
    Use that maybe good :
    select USERID into v_user from sys.aud$
      where ntimestamp#=(
      select max(ntimestamp#)
      from sys.aud$ );

  • Want the Customer specific validations at the time of asset posting

    Dear all,
    I want to implement Customer specific validations at the time of asset posting(ABZON , F-90 , F-91).Please tell which user-exit should I use??
    AINT0004 is working only for ABZON.
    AINT0001 is not as per my requirements!!
    Regards,
    Amiya

    Hi Amiya ,
    u can achieve thru Validations / Substitutions OB28. But u have limitations  in the implementations of Logic .
    regards
    Prabhu

  • Why are errors for password validation in struts 1.2.4 not being displayed

    I have the following in my validation.xml file
    <field property="passwordconfirm"
    depends="required">
    <arg0 key="registration.passwordconfirm"/>
    </field>
    In my jsp I have the following
    Password Confirm<html:password property="passwordconfirm" size="10" />
         <html:errors property="passwordconfirm"/>
    In my ApplicationResources.properties file I have the following
    errors.required={0} is required.
    registration.firstname = First name
    registration.passwordconfim= Password
    Other text fields work fine i.e. the errors are shown

    sorry this should read why no errors shown for password validation in struts 1.2.4.

  • Bringing back an old password validation rule

    Good afternoon
    On our old 4.6C system, there was a password validation rule that stated the first three characters of the password cannot occur in the same order in the user ID. This rule was removed when we upgraded to ECC 6.0
    While the users hated that rule, that rule was a SOX requirement at our company and I would like to have it back. Before I resort to programming user exits, is there a way to reactivate or at least simulate that rule? I cannot use USR40 because not only does it effect all users on the system, it only works on the second logon and not at validation time.
    If programming user exits like EXIT_SAPLSUSF_001 is my only option, where can I get the password at logon time? From my understanding, SAP does not store this in a system value or even a global variable or table to prevent the recording of passwords. While this is a valid security reason, it would solve the resurrection of this password role through programming.
    Please advise.
    Kind Regards
    Moggie

    Hi Moggie,
    > Pending the result of the contract programmer's research, placing a 3 character prefix of each new user ID in table USR40 is looking like the best option, though I do hate to place that kind of check for all user IDS when only one ID really needs that validation rule.
    A problem with that will soon arise when you have for example 10000 user ID's and want the users to have the opportunity to use strong pass-phrases (not just pass-words). Additionally, the passwords are now case-sensitive but the user ID is not. A pass-phrase for users such as "The_D0g_&_Cat_r_FAT" would go undetected even if you have any "THERON's" in the system, but why should it not be allowed? It's a good one!
    Users will soon notice that only passwords which are very cryptic can be used, and they will start writing them down on Post-It's.
    While that is going on... the "real sinners" who dish out weak or the same initial / reset passwords (like "INIT1234") or administrate the users for whom passwords don't change (like "RFC4PROD") will not have any further "idiot-proof" controls as it is only a warning, which is intentional.
    > If the passwords are cycled regularly, adhere to profile values in the instance that encourage strict password rules, and are kept private and secure, it is not a compliance issue to the auditors.
    There you have it. 
    Tell them that. Even if they do use the first 3 bname characters as the first 3 CAPS_ON password characters, they won't be able to do it for long anyway if the password rules are appropriate...
    Incase you are not aware of it, please also take a look at (and search here and SAP notes for) infos about instance parameter login/password_compliance_to_current_policy (e.g. SAP Note 862989). With appropriate minimum password rules (not overkilled - because the system must still be able to generate compliant wizard-passwords!), you will catch the bigger risks than any one 'BSM?????'s in there somewhere....
    Cheers,
    Julius

  • Password - why can't adminstrators access customer password

    I am a system adminstrator for two sites and I am becoming increasingly frustrated at the inability to access customer passwords.  I have a number of custoemrs who regularly forget their passwords who are not particularly computer savvy and I am not able to help them without a lot of phone/email support.  Whereas under the previous system I could communicate their password to them saving both of us a great deal of time and energy.
    I am very aware that BC changed the system to deny access to passwords for all but the customer but this for my sites is ridiculous.  I have access to all info that my customers have and I can 'change/update' any customer info on my site so why can I not access their password.
    This is extremely frustrating as the current process assumes computer literate users and that the system 'Forgotten Password' tokens work - the latter is not always the case and I have  a current support request to this effect.
    I would appreciate someone who knows the system well to explain to me the rationale behinds BC's change to password access adn what is the reality re how this enhances cuntomer security when the systems administrator has access to all that customers data.
    Richard

    Hey Richard. I think you miss understand here.
    Most secure systems - no password in the admin. You have the button in the admin to send a email for the reset request. This will also show (if you sort the site correctly) on the form they use to login.
    Both use the reset email and again, ensuring that is set up correct is something you have access to and ensure has the elements and worded as you need them to be.
    If people keep forgetting their password that to be quite frank it is their problem, why should a system become less secure because of this?
    Do good systems do this? No , should they change? heck no.
    Set up the processes to so the flow is easy to reset (which you have control over) and if they keep forgetting then they need to change them to something they wont forget.
    Are you going to contact Apple and their Itunes store and ask them for your password? They wont know and not provide it to you, they do not know as it is in encrypted.
    Like any systems you may also be aware of they say "No customer support respresentitive will ask for your pasword or provide you with your password". Etc.
    This will not change.

  • Does setPasswordChangeRequired(FALSE) overides Password Validity Period?

    Hi,
    If I set setPasswordChangeRequired to FALSE will the Password Validity Period take efect or this users with the setPasswordChangeRequired equals to FALSE will never get asked to change their passwords again?
    Thanx in Advanced!
    Kind Regards,
    Gerardo J

    Hi Gerardo ,
    How did you got around this issue. Can you share your solution/ideas.
    Thanks
    Srinivas

  • Assignment of custom password policies

    In the documentation is well described how to assign a custom password policy using Roles and CoS. This technique is fairly flexible and can be applied to a number of situations. I have the fear that this is very costly in terms of performance.
    Are there simpler ways to assign a password policy to all objects in a container?
    Thank you,
    Jo

    We just did this same thing in one of our instances and have not seen any CPU usage increase, but it's a very small instance (only about 10,000 entries.
    We just applied the password policy to all objects in the ou using the following template & COS
    # Template user for Class of Service
    dn: cn=AgencyTemplate,ou=agencies,o=company
    objectClass: top
    objectClass: extensibleObject
    objectClass: costemplate
    objectClass: ldapsubentry
    cosPriority: 1
    passwordPolicySubentry: cn=Agency Password Policy,o=company
    cn: AgencyTemplate
    # The COS to apply the policy to all agency users (ou=agencies,o=company)
    dn: cn=AgcyPwdPol_cosDefinition,ou=agencies,o=company
    objectClass: top
    objectClass: LDAPsubentry
    objectClass: cosSuperDefinition
    objectClass: cosPointerDefinition
    costemplatedn: cn=AgencyTemplate,ou=agencies,o=company
    cosAttribute: passwordPolicySubentry operational
    cn: AgcyPwdPol_cosDefinition

  • Reg ex for password validation

    hi help me for password validation......
    Password should contain 6 to 8 characters, at least one letter and at least one number, contain no spaces and no special characters (e.g. &, >, *,$)

    String[] tests = {"abc1def", "2abcdef", "abcdef", "123456"};
    for(String t: tests) {
      if(t.matches("^(?=\\D*\\d)(?=[^a-zA-Z]*[a-zA-Z]).*$")) {
        System.out.println("Accepted: "+t);
      } else {
        System.out.println("Rejected: "+t);
    // Accepted: abc1def
    // Accepted: 2abcdef
    // Rejected: abcdef
    // Rejected: 123456@OP: this does not answer your question, but it will get you started. Try to finish it yourself.

  • Custom Password policy for ProxyAgent

    Solaris 10 Server Directory Server LDAP 6.3. Clients are Solaris 10.
    The clients use "proxyagent" user located in ou=profile. When I create a Global Password policy and apply to my top level dc, then this service account can "expire". I can't have my service accounts expiring...
    How do you create a custom filter with NO account lockout, expiration, etc? The DSCC wizard doesn't allow you to as the last step of the wizard must have a bug because even though you don't click the Lockout radio button, the webpage asks you to fill in a number for account lockout of 1 to 32768. Ugggh.
    Question 2: how do you apply a custom password policy to ALL of ou=people? I can do it one by one to dn's under the ou=people, but I want it on the parent so new users get the custom password policy. Everything I try, the Global Password Policy wins. (And can't seem to be done via the DSCC but rather through command line)
    Help.
    Thanks,
    Sean

    How do you create a custom filter with NO account lockout, expiration, etc?
    The DSCC wizard doesn't allow you to as the last step of the wizard must have
    a bug because even though you don't click the Lockout radio button, the
    webpage asks you to fill in a number for account lockout of 1 to 32768. Ugggh.Logged a new bug
    http://sunsolve.sun.com/search/document.do?assetkey=1-1-6787917-1
    The clients use "proxyagent" user located in ou=profile. When I create a Global Password
    policy and apply to my top level dc, then this service account can "expire". I can't have
    my service accounts expiring...Password policies have to be applied to individual accounts (manually or via CoS). So you
    may need to create a new password policy and assign it to the proxyagent user. Since DSCC
    does not seem to allow you to do that, best to munge it via the commandline (after specifying
    the lockout in dscc). Yes, it's ugly but a bug has been logged. Please contact Sun Support if
    you want a fix against 6.3 (quote the above bug number)

  • Introducing a custom Password policy to expire passwords. odsee 11g - what are the expected results

    We have left the default Password Policy untouched. As a default password aging is off. Our DS compatibility mode is now DS6 so we can add Password Policies with max age!
    Some users need to have their passwords changed regularly due to political reasons.
    We have introduced a custom Password Policy which has a pwd_Max_age value of 180 days and allows the user to Change Password. Entry is cn=Custom Pwd Policy for ABC,dc=mycorp,dc=com
    Ok. Now we get confused by the behaviour of this ODSEE 11g server. Now, we are ADDING a new custom Password Policy to just a few selected users!
    1. When we add the Policy to the user by setting the passwordpolicysubentry attribute = "cn=Custom Pwd Policy for ABC,dc=mycorp,dc=com"
    - Nothing seems to happen.
    - WHEN IS THE PASSWORD EXPIRED?
    2. After we change a password for a user who has the passwordpolicysubentry attribute, he gains a new attribute pwdChangedTime
    - IS THIS THE ONLY TIME THE EXPIRY CLOCK STARTS TICKING? *AFTER* THE PASSWORD IS CHANGED?
    3. Is it true, that if a user never changes his password, even if he gets the new custom password policy applied, his password never automatically expires????
    I just cannot work out what is supposed to happen. I would have hoped that at the very least, the password begins to expires as soon as he gets a Password Policy with pwd_Max_age set.
    How is ODSEE 11g designed/supposed to function.
    Help!!!!!
    *HH

    Sylvain ,Many thanks for your reply and suggestions. Always good to have a choice!
    So it seems the only way to get the password aging clock to tick is for the password to be changed after having the password policy applied.
    Option1 is not really an option although it certainly would make the users change the password and set up the password aging...
    The main difficulty with odsee 11g  (Version 11.1.1.7.0) is that pwdChangedTime is a system read-only attribute linked to a modification to userPassword attribute, I cannot use ldapmodify to add/modify the pwdChangedTime attribute.
    I was amazed that I can read/store the userpassword as the base64 string and replace the userpassword attribute with this value using ldapmodify. This is very easy (and works!) but will cause the pwdChangedTime attribute to contain the same time for all users. I can imagine helpdesk loving it when everyone calls them in 6 months time.
    Using the LDIF backup/restore utility looks the best option, if it succeeds. At least we can randomize the actual value of pwdChangedTime with this approach.
    Mercy Buckets.

  • How to make custom data validation on standard form.

    Hi,
    I have some little OAF experience. I have extended VO so far but I am still newbie.
    I need to make custom data validation on standard form.
    I Oracle Credit Management module on "Create Credit Application: Applicant" form I need
    to validate chosen currency against customer setup (whether there is customer profile amount for the currency).
    The page is /oracle/apps/ar/creditmgt/application/webui/ARCMCREDITAPPPAGE
    There are controllers on the page:
    oracle.apps.ar.creditmgt.application.webui.creditAppContentFooterCO 115.14.15104.2
    oracle.apps.ar.creditmgt.application.webui.creditApplicationPageCO 115.6
    oracle.apps.ar.creditmgt.application.webui.creditAppRegion2CO 115.13.15104.2
    oracle.apps.ar.creditmgt.application.webui.creditApplicationCO 115.8.15104.3
    oracle.apps.ar.creditmgt.application.webui.creditAppRegion1CO 115.28.15104.4
    oracle.apps.ar.creditmgt.application.webui.creditAppBusBackCO 115.6
    oracle.apps.ar.creditmgt.application.webui.OCMApplicantInfoRNCO 115.4
    creditApplicationPageCO is pageLayout controller.
    Please direct me how to achieve it.
    Which controller should I extend (if any)?
    How to get values from the page (customer site id, currency) and how to run custom sql in my CO class ?
    Regards,
    Marcin

    Hi Marcin,
    You have to find your GO button is handled in which standard controller, (if you click on the about this page, you should be able to identify the controller,
    or you can download all the controller .class files and decompile and check the logic).
    Then extend that controller(which has the Go button logic, you can see how it has been handled.),
    The usual way to check is
    if(pageContext.getParameter('<Go button name>') !=null)
    Since you want to validate first your custom validation, in the extended controller ProcessFormRequest
    dont call the super.processFormRequest unless your validation is success.
    Call the super at the end.
    Inside your extended controller you have to find your AM and then your required ViewObject to get the user entered values.
    Thanks,
    With regards,
    Kali.
    OSSi.

Maybe you are looking for

  • Concept of Free Goods in Scheduling Agreement ?

    There are two line items with same material but different quantities. The user has given a price for both and created a SA. Then the user comes to know the line item 2. is free goods. So then he/she wants the net price of line item 2. to be zero. In

  • Scheduled Status in Message Monitoring

    Hi All, We have a scenario from DB- DB using Java Proxies. The Message interfaces are defined as Asynchornously with EO mode. Usually the sender channel picks data and tirggers Java Proxy. Proxy process all records and send the status back to sender

  • Itunes Media Folder location on external hd but computer hd still losing space

    Hi, im importing all my old CDs to my itunes, however as my computer's hard drive was getting too full, i've changed my itunes media folder location to an external hard drive. but now, even though the music is being saved to an external hard drive, i

  • How do I copy photos from Photostream to an event in iPhoto on my iMac?

    OK, it looks like photostream is working as it has imported photos from my iPhone to the folder called Photostream in iPhoto on my iMac. Now, I want to copy some of these photos and paste them into certain existing events I have already created.  I c

  • Idocs Failed

    Sending out material master extended the idoc MATMAS03 Created one segment with one field added it to the idoc populated that segment in the Customer Exit 'CAll function 002'  of FM:Masteridoc_create_matmas On sending the materials via bd10 I get err