Jump to

• Request
• Response

Get Password Policy using tenant and policyid

get

/oam/services/rest/access/api/v1/policy/PasswordPolicies/${tenantid}/${policyid}

The PasswordPolicy returns information about the "OAM" password policy. The response includes password policy rules and assignment rule which gives information on which subset of OAM users this password policy is applicable.

Request

Path Parameters

• policyid: string
  The password policy unique identifier
• tenantid: string
  tenant unique identifier

Response

Supported Media Types

• application/json

200 Response

Password policy assignment

Body ()

Root Schema : schema

Type: array

Show Source

• [0]: object PasswordPolicyAssignment

{
    "type":"array",
    "items":{
        "$ref":"#/definitions/PasswordPolicyAssignment"
    }
}

Nested Schema : PasswordPolicyAssignment

Type: object

Show Source

• AssignmentRule: object assignmentRule
• PasswordPolicyInfo: object passwordPolicyInfo

{
    "type":"object",
    "properties":{
        "PasswordPolicyInfo":{
            "$ref":"#/definitions/passwordPolicyInfo"
        },
        "AssignmentRule":{
            "$ref":"#/definitions/assignmentRule"
        }
    }
}

Nested Schema : assignmentRule

Type: object

Show Source

• idStoreRef: string
  The identity store reference id for which the current password policy is assigned to.
• passwordPolicyID: string
  This has to match with the password policy specified in the passwordPolicyInfo id
• priority: integer
  The priority for this password policy assignment. The policy for the user is ascertained by getting all the assignement rules for the idstore in which the user belongs, sorted using priority. The first applicable password policy is then chosen as the password policy applicable for the user.
• ruleType: integer
  The ruletype is an integer enumerator which specifies the kind of rule 1-none 2 -group
• ruleValue: string
  If the ruleType indicated group, then the rulevale indicates the group to which the user must belong to for the password policy to be applicable.

{
    "type":"object",
    "properties":{
        "idStoreRef":{
            "type":"string",
            "description":"The identity store reference id for which the current password policy is assigned to."
        },
        "priority":{
            "type":"integer",
            "description":"The priority for this password policy assignment. The policy for the user is ascertained by getting all the assignement rules for the idstore in which the user belongs, sorted using priority. The first applicable password policy is then chosen as the password policy applicable for the user."
        },
        "passwordPolicyID":{
            "type":"string",
            "description":"This has to match with the password policy specified in the passwordPolicyInfo id"
        },
        "ruleType":{
            "type":"integer",
            "description":"The ruletype is an integer enumerator which specifies the kind of rule 1-none 2 -group"
        },
        "ruleValue":{
            "type":"string",
            "description":"If the ruleType indicated group, then the rulevale indicates the group to which the user must belong to for the password policy to be applicable."
        }
    }
}

Nested Schema : passwordPolicyInfo

Type: object

Show Source

• allAtOnce: boolean
  Not supported in OAM. A Boolean value. When true, the client UI will present all challengers in random order each time displayed. When false, the client UI will present one challenge question at a time where the subject MUST respond before the next is displayed.
• challengePolicy: integer
  Not supported in OAM. A complex attribute that defines policy around challenges. It contains the following sub-attributes.source An Integer indicating one of the following + 0 - User Defined. + 1 - Admin Defined. + 2 - User and Admin Defined.
• challengesEnabled: boolean
  Always false in OAM. A Boolean value indicating challenges MAY be used during authentication. Not supported. None of the challenge question/answers related policy elements are supported since OAM doesnt support user challenge questions/answers.
• defaultQuestions: string
  Not supported in OAM. A Multi-valued String attribute that contains one or more default question a subject may use when setting their challenge questions.Not supported in OAM
• desc: string
  A String that describes the current policy. Typically used for informational purposes (e.g. to display to a user).
• dictionaryLocation: string
  A Reference value containing the URI of a dictionary of words not allowed to appear within a password value.
• disallowedChars: string
  A String value whose contents indicates a set of characters that SHALL NOT appear, in any sequence, in a password value.
• disallowedSubStrings: string
  A Multi-valued String indicating a set of Strings that SHALL NOT appear within a password value.
• expiresAfterDays: integer
  An Integer indicating the numbers of days after which a password reset is required.
• firstNameDisallowed: boolean
  A Boolean indicating a sequence of characters matching the resource's "name.givenName" SHALL NOT be included in the password.
• id: string
  Unique identifier representing a specific password policy.
• lastNameDisallowed: boolean
  A Boolean indicating a sequence of characters matching the resource's "name.familyName" SHALL NOT be included in the password.
• lockOutDuration: integer
  An Integer indicating the number of minutes an account will be locked after maxIncorrectAttempts exceeded.
• maxIncorrectAttempts: integer
  An Integer representing the maximum number of failed logins before an account is locked.
• maxIncorrectChallengesAttempts: integer
  Not supported in OAM. An Integer indicates the maximum number of failed reset password attempts using challenges. If any challenges are wrong in a reset attempt, the users resetAttempts counter will be incremented by 1. If resetAttempts is greater than maxIncorrectAttempts, the subject's account will be locked with a locked.reason value.
• maxLength: integer
  An Integer indicating the maximum password length (in characters). A value of 0 or no value SHALL indicate no maximum length restriction.
• maxRepeatedChars: integer
  An Integer indicating the maximum number of repeated characters in a password. A value of 0 or no value SHALL indicate no restriction.
• maxSpecialChars: integer
  An Integer indicating the maximum number of special characters in a password. A value of 0 or no value SHALL indicate no maximum length restriction.
• minAlphaNumerals: integer
  An Integer indicating the minimum number of alphabetic or numeric characters in a password. A value of 0 or no value SHALL indicate no minimum length restriction.
• minAlphas: integer
  An Integer indicating the minimum number of alphabetic characters in a password. A value of 0 or no value SHALL indicate no minimum length restriction.
• minAnswerCount: integer
  Not supported in OAM. An Integer indicating the minimum number of challenge answers a subject MUST answer when attempting to reset their password via forgot password request.
• minLength: integer
  An Integer indicating the minimum password length (in characters). A value of 0 or no value SHALL indicate no minimum length restriction.
• minLowerCase: integer
  An Integer indicating the minimum number of lower-case alphabetic characters in a password. A value of 0 or no value SHALL indicateno minimum length restriction.
• minNumerals: integer
  An Integer indicating the minimum number of numeric characters in a password. A value of 0 or no value SHALL indicate no minimum length restriction.
• minPasswordAgeInDays: integer
  An Integer indicating the minimum age in days before the password can be changed.
• minQuestionCount: integer
  Not supported in OAM. An Integer indicating the minimum number of challenge questions a subject MUST answer when setting challenge question answers. A value of 0 or no value indicates no minimum. Not supported
• minResponseLength: integer
  Not supported in OAM. An Integer indicating the minimum number of characters in a challenge response. No value or a value of 0 indicates no minimum length (effectively 1).
• minSpecialChars: integer
  An Integer indicating the minimum number of special characters in a password. A value of 0 or no value SHALL indicate no minimum length restriction.
• minUnicodeChars: integer
  An integer indicating minimum number of unicode characters in a password.
• minUniqueChars: integer
  An Integer indicating the minimum number of unique characters in a password. A value of 0 or no value SHALL indicate no minimum restriction.
• minUpperCase: integer
  An Integer indicating the minimum number of upper-case alphabetic characters in a password. A value of 0 or no value SHALL indicate no minimum length restriction.
• name: string
  A String that is the name of the policy. Typically used for informational purposes (e.g. to display to the user)
• passwordHistorySize: integer
  An Integer indicating the number of passwords that will be kept in history that may not be used as a password.
• requiredChars: string
  A String value whose contents indicates a set of characters that MUST appear, in any sequence, in a password value.
• startsWithAlpha: boolean
  A Boolean indicating that the password MUST being with an alphabetic character.
• userNameDisallowed: boolean
  A Boolean indicating a sequence of characters matching the resource's "userName" SHALL NOT be included in the password.
• warningAfterDays: integer
  An Integer indicating the number of days after which a password reset warning will be issued.

{
    "type":"object",
    "properties":{
        "id":{
            "type":"string",
            "description":"Unique identifier representing a specific password policy."
        },
        "name":{
            "type":"string",
            "description":"A String that is the name of the policy.  Typically used for informational purposes (e.g. to display to the user)"
        },
        "desc":{
            "type":"string",
            "description":"A String that describes the current policy.  Typically used for informational purposes (e.g. to display to a user)."
        },
        "maxLength":{
            "type":"integer",
            "description":"An Integer indicating the maximum password length (in characters). A value of 0 or no value SHALL indicate no maximum length restriction."
        },
        "minLength":{
            "type":"integer",
            "description":"An Integer indicating the minimum password length (in characters). A value of 0 or no value SHALL indicate no minimum length restriction."
        },
        "minAlphas":{
            "type":"integer",
            "description":"An Integer indicating the minimum number of alphabetic characters in a password.  A value of 0 or no value SHALL indicate no minimum length restriction."
        },
        "minNumerals":{
            "type":"integer",
            "description":"An Integer indicating the minimum number of numeric characters in a password.  A value of 0 or no value SHALL indicate no minimum length restriction."
        },
        "minAlphaNumerals":{
            "type":"integer",
            "description":"An Integer indicating the minimum number of alphabetic or numeric characters in a password.  A value of 0 or no value SHALL indicate no minimum length restriction."
        },
        "minSpecialChars":{
            "type":"integer",
            "description":"An Integer indicating the minimum number of special characters in  a password.  A value of 0 or no value SHALL indicate no minimum length restriction."
        },
        "maxSpecialChars":{
            "type":"integer",
            "description":"An Integer indicating the maximum number of special characters in a password.  A value of 0 or no value SHALL indicate no maximum length restriction."
        },
        "minUpperCase":{
            "type":"integer",
            "description":"An Integer indicating the minimum number of upper-case alphabetic characters in a password.  A value of 0 or no value SHALL indicate no minimum length restriction."
        },
        "minLowerCase":{
            "type":"integer",
            "description":"An Integer indicating the minimum number of lower-case alphabetic characters in a password.  A value of 0 or no value SHALL indicateno minimum length restriction."
        },
        "minUniqueChars":{
            "type":"integer",
            "description":"An Integer indicating the minimum number of unique characters in a password.  A value of 0 or no value SHALL indicate no minimum restriction."
        },
        "maxRepeatedChars":{
            "type":"integer",
            "description":"An Integer indicating the maximum number of repeated characters in a password.  A value of 0 or no value SHALL indicate no restriction."
        },
        "startsWithAlpha":{
            "type":"boolean",
            "description":"A Boolean indicating that the password MUST being with an alphabetic character."
        },
        "minUnicodeChars":{
            "type":"integer",
            "description":"An integer indicating minimum number of unicode characters in a password."
        },
        "firstNameDisallowed":{
            "type":"boolean",
            "description":"A Boolean indicating a sequence of characters matching the resource's \"name.givenName\" SHALL NOT be included in the password."
        },
        "lastNameDisallowed":{
            "type":"boolean",
            "description":"A Boolean indicating a sequence of characters matching the resource's \"name.familyName\" SHALL NOT be included in the password."
        },
        "userNameDisallowed":{
            "type":"boolean",
            "description":"A Boolean indicating a sequence of characters matching the resource's \"userName\" SHALL NOT be included in the password."
        },
        "minPasswordAgeInDays":{
            "type":"integer",
            "description":"An Integer indicating the minimum age in days before the password can be changed."
        },
        "warningAfterDays":{
            "type":"integer",
            "description":"An Integer indicating the number of days after which a password reset warning will be issued."
        },
        "expiresAfterDays":{
            "type":"integer",
            "description":"An Integer indicating the numbers of days after which a password reset is required."
        },
        "requiredChars":{
            "type":"string",
            "description":"A String value whose contents indicates a set of characters that MUST appear, in any sequence, in a password value."
        },
        "disallowedChars":{
            "type":"string",
            "description":"A String value whose contents indicates a set of characters that SHALL NOT appear, in any sequence, in a password value."
        },
        "disallowedSubStrings":{
            "type":"string",
            "description":"A Multi-valued String indicating a set of Strings that SHALL NOT appear within a password value."
        },
        "dictionaryLocation":{
            "type":"string",
            "description":"A Reference value containing the URI of a dictionary of words not allowed to appear within a password value."
        },
        "passwordHistorySize":{
            "type":"integer",
            "description":"An Integer indicating the number of passwords that will be kept in history that may not be used as a password."
        },
        "maxIncorrectAttempts":{
            "type":"integer",
            "description":"An Integer representing the maximum number of failed logins before an account is locked."
        },
        "lockOutDuration":{
            "type":"integer",
            "description":"An Integer indicating the number of minutes an account will be locked after maxIncorrectAttempts exceeded."
        },
        "challengesEnabled":{
            "type":"boolean",
            "description":"Always false in OAM. A Boolean value indicating challenges MAY be used during authentication. Not supported. None of the challenge question/answers related policy elements are supported since OAM doesnt support user challenge questions/answers."
        },
        "challengePolicy":{
            "type":"integer",
            "description":"Not supported in OAM. A complex attribute that defines policy around challenges.  It contains the following sub-attributes.source  An Integer indicating one of the following +  0 - User Defined.  +  1 - Admin Defined. +  2 - User and Admin Defined."
        },
        "defaultQuestions":{
            "type":"string",
            "description":"Not supported in OAM. A Multi-valued String attribute that contains one or more default question a subject may use when setting their challenge questions.Not supported in OAM"
        },
        "minQuestionCount":{
            "type":"integer",
            "description":"Not supported in OAM. An Integer indicating the minimum number of challenge questions a subject MUST answer when setting challenge question answers.  A value of 0 or no value indicates no minimum.  Not supported"
        },
        "minAnswerCount":{
            "type":"integer",
            "description":"Not supported in OAM. An Integer indicating the minimum number of challenge answers a subject MUST answer when attempting to reset their password via forgot password request."
        },
        "allAtOnce":{
            "type":"boolean",
            "description":"Not supported in OAM. A Boolean value.  When true, the client UI will present all challengers in random order each time displayed.  When false, the client UI will present one challenge question at a time where the subject MUST respond before the next is displayed."
        },
        "minResponseLength":{
            "type":"integer",
            "description":"Not supported in OAM. An Integer indicating the minimum number of characters in a challenge response.  No value or a value of 0 indicates no minimum length (effectively 1)."
        },
        "maxIncorrectChallengesAttempts":{
            "type":"integer",
            "description":"Not supported in OAM. An Integer indicates the maximum number of failed reset password attempts using challenges.  If any challenges are wrong in a reset attempt, the users resetAttempts counter will be incremented by 1.  If resetAttempts is greater than maxIncorrectAttempts, the subject's account will be locked with a locked.reason value."
        }
    }
}

401 Response

Unauthorized

404 Response

Requested entity not found

500 Response

Internal Server Error