Describe the issue:
When the "Prompt for password and consent" option is enabled during the JIT provisioning flow, if the user enters a password that does not comply with the defined password policy in the Identity Server, the JIT provisioning fails due to the invalid password. Despite this, the Identity Server continues the flow and authenticates the user without prompting the user to re-enter a valid password.
The following stack trace can be observed in the logs:
[2024-09-13 18:41:47,432] [060a335d-8f1d-456d-bf43-5bbc3a3012b0] ERROR {org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultStepBasedSequenceHandler} - User provisioning failed! org.wso2.carbon.identity.application.authentication.framework.exception.FrameworkException: Error while provisioning user : Alex
at org.wso2.carbon.identity.application.authentication.framework.handler.provisioning.impl.DefaultProvisioningHandler.handle(DefaultProvisioningHandler.java:184)
.............
Caused by: org.wso2.carbon.identity.mgt.policy.PolicyViolationException: 'Password pattern policy violated. Password should contain a digit[0-9], a lower case letter[a-z], an upper case letter[A-Z], one of !@#$%&* characters'
at org.wso2.carbon.identity.mgt.policy.PolicyRegistry.enforcePasswordPolicies(PolicyRegistry.java:39)
at org.wso2.carbon.identity.password.policy.handler.PasswordPolicyValidationHandler.handleEvent(PasswordPolicyValidationHandler.java:166)
... 80 more
The DefaultStepBasedSequenceHandler does not propagate this error and simply logs it [1].
How to reproduce:
1. Set up JIT provisioning with "Prompt for password and consent".
2. Enable the password pattern policy through the resident IdP and define a policy, or use the default.
3. Enter a simple password that does not adhere to the configured regex when provisioning the user in JIT mode.
4. Click Register.
Expected behavior:
If the user-entered password does not meet the policy requirements, the system should prompt the user to re-enter a valid password without continuing the authentication.
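The fail-open pattern the issue describes, as an added example that is not part of the issue or of the WSO2 code base: a stand-in for the pattern policy from the stack trace (the regex is an assumption), a hypothetical provisioning step that raises on violation, and two sequence handlers side by side, one that only logs the error and still authenticates, and one that stops the step and sends the user back to the password prompt.

```python
import logging
import re

# Constructed stand-in for the policy quoted in the stack trace: a digit, a
# lower-case letter, an upper-case letter and one of !@#$%&*. The real pattern
# is whatever is configured in the resident IdP; this regex is an assumption.
PASSWORD_PATTERN = re.compile(r"^(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z])(?=.*[!@#$%&*]).+$")


class PolicyViolationException(Exception):
    """Stand-in for org.wso2.carbon.identity.mgt.policy.PolicyViolationException."""


def provision_user(username: str, password: str) -> None:
    """Hypothetical JIT provisioning step: enforces the pattern policy and raises on violation."""
    if not PASSWORD_PATTERN.match(password):
        raise PolicyViolationException("Password pattern policy violated")
    # A real handler would write the user to the user store here.


def authenticate_fail_open(username: str, password: str) -> str:
    """Models the reported behaviour: the provisioning error is logged, then the flow continues."""
    try:
        provision_user(username, password)
    except PolicyViolationException as exc:
        logging.error("User provisioning failed! %s", exc)  # logged, never propagated
    return "AUTHENTICATED"  # reached even though no user was provisioned


def authenticate_fail_closed(username: str, password: str) -> str:
    """Expected behaviour: a policy violation ends the step and re-prompts for a valid password."""
    try:
        provision_user(username, password)
    except PolicyViolationException as exc:
        logging.error("User provisioning failed! %s", exc)
        return "RETRY_PASSWORD_PROMPT"  # do not authenticate an unprovisioned user
    return "AUTHENTICATED"
```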
Environment information:
Product Version: IS 5.10.0
[1] - https://github.com/wso2/carbon-identity-framework/blob/527dba704487431b95c34461656cdb7496a0f0cc/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/handler/sequence/impl/DefaultStepBasedSequenceHandler.java#L628