Verify password policies

Last modified 10 Mar 2026 18:01 +01:00

After configuring a password policy, it is worth verifying that the policy is enforced the way you intend. This article covers the few steps you need to take to check that your policy is in place.

The most straightforward way to verify your policy is enforced where you want it is to use the midPoint GUI forms for password changes. The password field displays an info box describing the current requirements (minimum length, required character classes, etc.). These requirements reflect the policy that midPoint enforces when the password is saved.

If no more specific policy applies to the selected user, the hints reflect the global password policy. The global policy is the one referenced from the system configuration via the global security policy object.

For password policy configuration guides, refer to:

Verify policies on focal objects

  1. In Users > All users, open a user for editing.

  2. Select Password in the user-specific left-side menu.

  3. Edit the password.

    • You may need to click Show empty fields to see the password field if no password is set.

    • Click Change if a password is already set.

  4. Observe the displayed requirements for the password and compare them with the password policy you expect to be applied.

    • You do not need to actually change the password.

Figure 1. Password policy constraints info box

If you use archetype-based password policy selection, be sure to test on users of the correct archetype.

Verify resource-specific password policies

A password policy can also be defined for specific resource object types. A resource-specific password policy applies to accounts of the particular type on the particular resource, not to the midPoint user object (focus).

Therefore, testing a resource object type-specific policy requires an attempt to provision the password to the resource.

Use a dedicated test user. Avoid changing passwords for real users on production.

  1. Go to your test user’s profile.

  2. In Projections, select the resource for which you wish to verify the policy.

  3. Observe the requirements hint displayed when you edit the password.

  4. To double-check, you can try saving an invalid password to see if you get an error.

Figure 2. The password cannot be saved for the projection because it violates the password policy.