Restricting the users from using First Name or Last Name in their password

Document ID : KB000014336
Last Modified Date : 14/02/2018
Question:

How can users be restricted from using their Last Name or First Name in their password?

Answer:

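A password policy has no option for this. However, the restriction can be enforced with the validation script below, configured at the task level. The script compares the entered password, ignoring case, against the givenName and sn attributes of the user running the task.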

Modify Task -> Change My Password -> Tab -> Profile -> ChangeMyProfile Screen -> Validation JavaScript

---------------------
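/**
 * Screen validation hook: rejects a new password that contains the user's
 * first name (givenName) or last name (sn), compared case-insensitively.
 *
 * The name attributes are read from the user identified by
 * ScreenContext.getAdminUniqueName(), i.e. the user running the task.
 * NOTE(review): on a self-service task that is presumably also the user
 * whose password is being changed; if this script is reused on a task where
 * one user sets another user's password it would check the wrong person's
 * name. Confirm before reuse.
 *
 * @param {Object} ScreenContext - Screen context supplied by the product;
 *   must provide getAdminUniqueName(), getUserProvider() and getFieldValue().
 * @param {Object} errorMessage - Out-parameter; its `reference` property is
 *   set to the rejection message when validation fails.
 * @returns {boolean} true when the password contains neither name, false
 *   otherwise.
 */
function validate(ScreenContext, errorMessage) {
  // Missing values become "" rather than the literal text "null", which
  // String(null) would otherwise produce and then match against.
  function toLowerText(value) {
    return value == null ? "" : String(value).toLowerCase();
  }

  // Surrounding whitespace in a directory attribute is not part of the name.
  function toNameToken(value) {
    return toLowerText(value).replace(/^\s+|\s+$/g, "");
  }

  // A blank name is skipped: indexOf("") is 0 for every string, so searching
  // for it would reject every password the user could ever choose.
  function containsName(password, name) {
    return name !== "" && password.indexOf(name) !== -1;
  }

  var adminDN = ScreenContext.getAdminUniqueName();
  var userProvider = ScreenContext.getUserProvider();
  var adminUser = userProvider.findUser(adminDN, null);

  var firstName = toNameToken(adminUser.getAttribute("givenName"));
  var lastName = toNameToken(adminUser.getAttribute("sn"));
  var enteredPassword = toLowerText(ScreenContext.getFieldValue("Password"));

  if (containsName(enteredPassword, firstName) || containsName(enteredPassword, lastName)) {
    errorMessage.reference = "Password should not contain First Or Last Name";
    return false;
  }
  return true;
}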
----------------------