Before you begin
If automatic realm restart is enabled, you do not need to restart WebLogic Server after activating non-dynamic changes to security providers. See Enable automatic realm restart and Using Automatic Realm Restart.
When configured in a security realm, the Password Validation provider is automatically invoked by a supported authentication provider whenever a password is created or updated for a user in that realm. The Password Validation provider then performs a check to determine whether the password meets the criteria established by the composition rules, and the password is accepted or rejected as appropriate.
The password composition rules you can configure for the Password Validation provider include the following:
Note: Passwords cannot contain a curly brace ("{") as the first character.
Note: By default, the Default Authentication provider requires a minimum password length of 8 characters. However, the minimum password length enforced by the Default Authentication provider can be customized. In either case, if the Default Authentication provider and Password Validation provider are both configured in the security realm, and you attempt to create a password that does not meet the minimum length enforced by the Default Authentication provider, an error is generated.
For complete details about each rule you can configure with the Password Validation provider, see Configuration Options.
The Password Validation Providers table lists the Password Validation providers configured in this security realm.
The Create a New Password Validation Provider page appears.