2.2.9 Password Management
This topic describes about password management.
The Oracle Banking Cash Management relies on external password management and does not store any credentials. If an external LDAP is used, password management and policy rules can be set on that (For ex. For Weblogic Embedded-LDAP, the user and password rules can be configured via the admin console of the weblogic). If OIM/OAM is configured, password management and policy rules can be set on OIM. The IdP (Identity Provider) in case of SAML takes care of the password policies.
Certain user password related parameters should be defined at the system level. These parameters will apply to all the users of the system. Examples of such parameters are the number of invalid login attempts after which a user-id should be disabled, the maximum and minimum length for a password
Password Policies
To enable password validation, there is a flag given in SECURITY_CONFIG table called:
PASSWORD_VALIDATION_FLAG – It has to be set as Y to enable
Password validation criteria are configurable through the table created called SECURITY_PASSWORD_VAL_CONFIG. Each property in that is being explained through the following table:
| Property | Value | Description |
|---|---|---|
| MIN_PSWD_LEN | Any integer | Minimum password length required |
| MAX_PSWD_LEN | Any integer | Maximum password length allowed |
| MIN_PSWD_AGE | Any integer | Not used currently |
| MAX_PSWD_AGE | Any integer | Not used currently |
| FLAG_UPPER_CHAR | Y/N | Y- UpperCase characters required |
| NUM_MAND_UPPER | Integer |
Minimum uppercase characters required Checked only if FLAG_UPPER_CHAR is set to Y |
| FLAG_LOWER_CHAR | Y/N | Y- LowerCase characters required |
| NUM_MAND_LOWER | Integer |
Minimum lowercase characters required Checked only if FLAG_LOWER_CHAR is set to Y |
| FLAG_SPECIAL_CHAR | Y/N | Y- Special characters required |
| NUM_MAND_SPECIAL | Integer |
Minimum special characters required Checked only if FLAG_SPECIAL_CHAR is set to Y |
| FLAG_NUMERIC_CHAR | Y/N | Y- Numeric characters required |
| NUM_MAND_NUMERIC | Integer |
Minimum numeric characters required Checked only if FLAG_ NUMERIC_CHAR is set to Y |
Parent topic: Oracle Banking Cash Management Controls