Password strength rules evaluator
The evaluator evaluates password strength rules within the constraints that the password strength validation engine requires. A configuration file that you specify supplies the pre-configured rules to the password strength validation module.
The password strength validation rules evaluator sends the rule policy with the XML representation of the password change request to the XSL processor for evaluation.
The input into the rule evaluation is an XML representation of the change password data. For example:
<?xml version="1.0" encoding='UTF-8'?>
<XMLUMI>
  <stsuuser:STSUniversalUser xmlns:stsuuser="urn:ibm:names:ITFIM:1.0:stsuuser">
    <stsuuser:Principal>
      <stsuuser:Attribute name="name">
        <stsuuser:Value> testuser </stsuuser:Value>
      </stsuuser:Attribute>
    </stsuuser:Principal>
    <stsuuser:AttributeList>
      <stsuuser:Attribute name="old-password">
        <stsuuser:Value>passw0rd</stsuuser:Value>
      </stsuuser:Attribute>
      <stsuuser:Attribute name="password">
        <stsuuser:Value>newPassw0rd</stsuuser:Value>
      </stsuuser:Attribute>
    </stsuuser:AttributeList>
  </stsuuser:STSUniversalUser>
</XMLUMI>
The output of the evaluation is as follows:
<valid>result</valid>
where result is either true or false.
If the XSLT rules do not generate a result of either true or false, the password change fails, and an authentication error is printed in the WebSEAL log. For example:
HPDAC0949E Validation of the rule text for rule object "pwdstrengthauthn" failed. Error code 0x1005b3b4 was returned along with error message "<valid xmlns:stsuuser=" urn:ibm:names:ITFIM:1.0:stsuuser">invalidResponse</valid>". 50 2014-07-29-17:52:01.670+10:00I----- 0x132120DD webseald WARNING ias authsvc pdauthn.cpp 1497 0x7f9c811a8700 -- HPDIA0221W Authentication for user userA failed. You have used an invalid user name, password or client certificate.
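The input and output contract described above, modelled as an added Python example for checking rule behaviour offline; it is not IBM's code, and the product itself evaluates XSLT rules. The function names, the exception class, the Python stand-in for a minimum-length rule and the exact-match comparison on the result text are assumptions.

```python
import xml.etree.ElementTree as ET

NS = {"stsuuser": "urn:ibm:names:ITFIM:1.0:stsuuser"}

# Constructed request with the same shape as the sample on this page.
SAMPLE_REQUEST = """<?xml version="1.0" encoding="UTF-8"?>
<XMLUMI><stsuuser:STSUniversalUser xmlns:stsuuser="urn:ibm:names:ITFIM:1.0:stsuuser">
 <stsuuser:Principal><stsuuser:Attribute name="name">
  <stsuuser:Value>testuser</stsuuser:Value></stsuuser:Attribute></stsuuser:Principal>
 <stsuuser:AttributeList>
  <stsuuser:Attribute name="old-password"><stsuuser:Value>passw0rd</stsuuser:Value></stsuuser:Attribute>
  <stsuuser:Attribute name="password"><stsuuser:Value>newPassw0rd</stsuuser:Value></stsuuser:Attribute>
 </stsuuser:AttributeList>
</stsuuser:STSUniversalUser></XMLUMI>"""

class RuleOutputError(Exception):
    """The rule produced something other than <valid>true|false</valid>."""

def attribute_value(request_xml, name):
    """Return the Value text of the named AttributeList entry, or None if absent."""
    root = ET.fromstring(request_xml.encode("utf-8"))
    for attr in root.iterfind(".//stsuuser:AttributeList/stsuuser:Attribute", NS):
        if attr.get("name") == name:
            return attr.findtext("stsuuser:Value", default="", namespaces=NS)
    return None

def min_length_rule(request_xml, minimum=8):
    """Hypothetical stand-in for an XSLT rule: emit <valid>true|false</valid>."""
    password = attribute_value(request_xml, "password")
    ok = password is not None and len(password) >= minimum
    return "<valid>%s</valid>" % ("true" if ok else "false")

def password_change_allowed(rule_output):
    """Map rule output to a decision; raise on anything but true or false."""
    try:
        elem = ET.fromstring(rule_output)
    except ET.ParseError as exc:
        raise RuleOutputError("rule output is not well-formed XML") from exc
    if elem.tag != "valid" or elem.text not in ("true", "false"):
        raise RuleOutputError("unexpected rule output: %r" % rule_output)
    return elem.text == "true"

def evaluate_change(request_xml, rule=min_length_rule):
    """Fail closed: an invalid rule result rejects the change, as the page describes."""
    try:
        return password_change_allowed(rule(request_xml))
    except RuleOutputError:
        return False
```

Feeding a rule's real output through `password_change_allowed` before deployment surfaces results such as `invalidResponse` that would otherwise appear only as a failed password change in the log.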
- Format and constraints of rules
  Define a password strength rule as an XSL template in an XSL style sheet.
- Sample password strength rule
  This example XSLT rule ensures that a password is at least 8 characters long.