Return error code for pwd policy violation

components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/impl/SCIMUserManager.java

@@ -161,6 +161,7 @@ public class SCIMUserManager implements UserManager {
     private static final String ERROR_CODE_INVALID_CREDENTIAL = "30003";
     private static final String ERROR_CODE_INVALID_CREDENTIAL_DURING_UPDATE = "36001";
     private static final String ERROR_CODE_PASSWORD_HISTORY_VIOLATION = "22001";
+    private static final String ERROR_CODE_PASSWORD_POLICY_VIOLATION = "20035";
     private static final String ERROR_CODE_INVALID_ROLE_NAME = "30011";
     private static final Log log = LogFactory.getLog(SCIMUserManager.class);
     private AbstractUserStoreManager carbonUM;
@@ -430,6 +431,11 @@ private void handleErrorsOnUserNameAndPasswordPolicy(Throwable e) throws BadRequ
                 throw new BadRequestException(e.getMessage(), ResponseCodeConstants.INVALID_VALUE);
             }
             if (e instanceof PolicyViolationException) {
+                if (StringUtils.equals(ERROR_CODE_PASSWORD_POLICY_VIOLATION, ((PolicyViolationException) e)
+                        .getErrorCode()) && SCIMCommonUtils.isErrorCodeForPasswordPolicyViolationEnabled()) {
+                    throw new BadRequestException(ERROR_CODE_PASSWORD_POLICY_VIOLATION + " - " + e.getMessage(),
+                            ResponseCodeConstants.INVALID_VALUE);
+                }
                 throw new BadRequestException(e.getMessage(), ResponseCodeConstants.INVALID_VALUE);
             }
             if ((e instanceof IdentityEventException) && StringUtils

components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/utils/SCIMCommonConstants.java

@@ -86,6 +86,7 @@ public class SCIMCommonConstants {
 
     public static final java.lang.String ASK_PASSWORD_URI = "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:askPassword";
     public static final java.lang.String VERIFY_EMAIL_URI = "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:verifyEmail";
+    public static final String ENABLE_ERROR_CODE_FOR_PASSWORD_POLICY_VIOLATION = "SCIM2.EnableErrorCodeForPasswordPolicyViolation";
 
     // Identity recovery claims
     public static final String ASK_PASSWORD_CLAIM = "http://wso2.org/claims/identity/askPassword";

components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/utils/SCIMCommonUtils.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2017-2023, WSO2 LLC. (http://www.wso2.com).
+ * Copyright (c) 2017-2024, WSO2 LLC. (http://www.wso2.com).
  *
  * WSO2 LLC. licenses this file to you under the Apache License,
  * Version 2.0 (the "License"); you may not use this file except
@@ -665,6 +665,24 @@ public static Map<ExternalClaim, LocalClaim> getMappedLocalClaimsForDialect(Stri
         }
     }
 
+    /**
+     * Checks if the configuration in identity.xml enables appending the error code to the error detail.
+     * By default, this feature is enabled.
+     *
+     * @return Returns true by default. If the configuration is present, its value is returned.
+     */
+    public static boolean isErrorCodeForPasswordPolicyViolationEnabled() {
+
+        String configValue =
+                IdentityUtil.getProperty(SCIMCommonConstants.ENABLE_ERROR_CODE_FOR_PASSWORD_POLICY_VIOLATION);
+
+        if (configValue == null) {
+            return true;
+        }
+
+        return Boolean.parseBoolean(configValue);
+    }
+
     /**
      * Get mapped local claim for specified external claim.
      *