Pre-Password Update Callout

The pre-password update callout is invoked just prior to updating the password within IBM Security Verify Access.

This callout conforms to the PasswordValidateRequest section within the draft-hunt-scim-password-mgmt-00 RFC: section 2.5 (https://tools.ietf.org/html/draft-hunt-scim-password-mgmt-00#section-2.5). The user identity is contained within the '$ref' field and is generated by appending the supplied user identity with the configured identity prefix. An example request can be:

POST /PasswordValidateRequestsHTTP/1.1 
Host: example.com
Accept: application/json
Content-Type: application/json
Authorization: Bearer h480djs93hd8
Accept-Language: en-US 
Content-Length: ... 

{ 
   "schemas":     
["urn:ietf:params:scim:schemas:core:2.0:password:PasswordValidateRequest"],
   "$ref": "/Users/2819c223-7f76-453a-919d-413861904646", 
   "password":”badpwd!" 
}

If the call is successful an empty '200' response is returned:

HTTP/1.1 200 OK

If the call is unsuccessful a SCIM error response is returned. The 'detail' field contained in the response is then sent back to the client. The 'Accept-Language' header from the request should be used by the REST service to determine the locale which is to be used when generating the response. An example response can be:

HTTP/1.1 400 Bad Request 
Content-Type: application/scim+json

{ 
   "schemas": ["urn:ietf:params:scim:api:messages:2.0:Error"],
   "scimType":”tooLong" 
   "detail": ”The password must be at least 8 characters in length.", 
   "status":"400”
}

Parent topic: Password Callouts