oracle/weblogic-kubernetes-operator

User Passwords Without Special Characters Not Set Despite Setting MinNumericOrSpecialCharacters To 0 In Model Security Configuration

jkramplify opened this issue · 1 comments

Hi,

WebLogic Version: 12.2.1.4
WebLogic Kubernetes Operator Version: 3.2.3

We are having an issue where users that don't have special characters in their password are unable to log in after deployment. When we log in to the console, the users were created but it seems like the passwords were not set. Other users with special characters in their password were working just fine after deployment. We have included this configuration in model.yaml:

```yaml
SecurityConfiguration:
    Realm:
        'myrealm':
            PasswordValidator:
                'SystemPasswordValidator':
                    SystemPasswordValidator:
                        MinNumericOrSpecialCharacters: 0     # integer
                        MinPasswordLength: 8                 # integer
```

Although the setting was properly applied when we check the WebLogic console, the users with special characters in passwords are still unable to log in after deployment and we have to manually re-enter the password. We don't want to manually re-enter passwords after deployment; we want them to be added successfully just like the users with passwords that have special characters.

I have also tried rebuilding weblogic-deploy-tool and updated these files: main/core/src/main/python/wlsdeploy/tool/util/default_authenticator_helper.py

```python
def _encode_password(self, user, password):
    pwd_pattern = '[\\!a-zA-Z]{1,}'
    matches = Pattern.matches(pwd_pattern, password)
    # I have removed "or matches" so that it will only check min password length
    if len(password) < 8:
        self._logger.warning('WLSDPLY-01902', user)
        return None
    try:
        encrypted_pass = PasswordEncryptor.doSSHA256(password)
        encrypted_pass = "{ssha256}" + encrypted_pass
    except Exception, e:
        self._logger.warning('WLSDPLY-01901', user, e)
        return None
    return encrypted_pass
```

main/core/src/main/resources/oracle/weblogic/deploy/aliases/category_modules/SecurityConfiguration.json and set all conditions in the PasswordValidator section to 0 except for password length.

We will eventually change those passwords without special characters but not in the near future as we will still need to do impact and dependency analysis in all our applications to know all the areas we need to update when we update the passwords.

@jkramplify WDT 3.5.0 provides a mechanism to validate User passwords in the model that align with the WebLogic Server PasswordValidator configuration in the model (or the default rules)--WebLogic Server PasswordValidator only works when the server is running.
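
The offline check from the `_encode_password` excerpt in the issue, turned into a pre-deployment audit that lists model users whose passwords would be skipped; this is an added example, not WDT code and not posted by anyone in the thread. It assumes the unmodified condition was `len(password) < 8 or matches` (inferred from the poster's comment), uses Python's `re.fullmatch` in place of Java's `Pattern.matches`, and assumes users live under `topology/Security/User` with a `Password` attribute; the function names and sample users are constructed.

```python
import re

# Pattern and minimum length copied from the _encode_password excerpt in the issue.
PWD_PATTERN = '[\\!a-zA-Z]{1,}'
MIN_LENGTH = 8


def skipped_by_offline_check(password, patched=False):
    """Return the reason the password would be skipped, or None if it is encoded.

    patched=False: assumed original condition `len(password) < 8 or matches`.
    patched=True:  the poster's modified condition, length only.
    """
    if len(password) < MIN_LENGTH:
        return 'shorter than %d characters' % MIN_LENGTH
    # re.fullmatch stands in for java.util.regex.Pattern.matches (whole-string match).
    if not patched and re.fullmatch(PWD_PATTERN, password):
        return 'only letters and "!" (no digit or other special character)'
    return None


def audit_model_users(model, patched=False):
    """Map user name -> skip reason for every user whose password would not be set."""
    # Assumed model layout: topology/Security/User/<name>/Password.
    users = model.get('topology', {}).get('Security', {}).get('User', {})
    findings = {}
    for name, attrs in users.items():
        reason = skipped_by_offline_check(attrs.get('Password', ''), patched)
        if reason:
            findings[name] = reason
    return findings


# Constructed sample model; user names and passwords are made up for the example.
SAMPLE_MODEL = {
    'topology': {'Security': {'User': {
        'svc_letters': {'Password': 'welcomeAll'},
        'svc_bang': {'Password': 'welcome!!'},
        'svc_digit': {'Password': 'welcome12'},
        'svc_short': {'Password': 'abc1'},
    }}}
}

if __name__ == '__main__':
    for label, patched in (('assumed original', False), ('length only', True)):
        print(label)
        for user, reason in sorted(audit_model_users(SAMPLE_MODEL, patched).items()):
            print('  %-12s skipped: %s' % (user, reason))
```

The audit reports only user names and reasons, never the password values, so its output can go into a build log.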