Password guidelines

It is possible to define rules for passwords. These are valid system-wide and are maintained in the configuration file SCM/config/etc/systemManagers/de.lobster.scm.authentication.AuthenticationManager.xml.

Several regular expressions can be specified, which must all match a password:

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE Configure PUBLIC
"-//EBD Integration//DTD Configure 1.3//EN"
"http://www.ebd-integration.de/dtd/configure_1_3.dtd">
<Configure class="de.lobster.scm.authentication.AuthenticationManager">
<Call name="addPasswordValidator"><Arg>^.{4,}$</Arg></Call><!-- min 4 characters -->
<Call name="addPasswordValidator"><Arg>[0-9]</Arg></Call><!-- min one number -->
<Call name="addPasswordValidator"><Arg>[!$%&amp;/()=?+-]</Arg></Call><!-- min one special char -->
<Call name="addPasswordValidator"><Arg>[A-Z]</Arg></Call><!-- min one upper case char -->
 
</Configure>
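
To check a rule set before deploying it, the following added example (not Lobster code) loads the validators from a Configure document and reports which patterns a candidate password fails. It assumes each pattern only needs to be found somewhere in the password, as the comments in the configuration above imply; the function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

# Constructed from the page's example configuration
# (XML declaration and DOCTYPE omitted so nothing is resolved externally).
CONFIG = """<Configure class="de.lobster.scm.authentication.AuthenticationManager">
<Call name="addPasswordValidator"><Arg>^.{4,}$</Arg></Call>
<Call name="addPasswordValidator"><Arg>[0-9]</Arg></Call>
<Call name="addPasswordValidator"><Arg>[!$%&amp;/()=?+-]</Arg></Call>
<Call name="addPasswordValidator"><Arg>[A-Z]</Arg></Call>
</Configure>"""


def load_validators(config_xml):
    """Return the regex patterns of all addPasswordValidator calls, in file order."""
    root = ET.fromstring(config_xml)
    patterns = []
    for call in root.iter("Call"):
        if call.get("name") != "addPasswordValidator":
            continue
        arg = call.find("Arg")
        if arg is None or not arg.text:
            raise ValueError("addPasswordValidator without a pattern")
        re.compile(arg.text)  # fail early on a malformed pattern
        patterns.append(arg.text)  # the XML parser has already decoded &amp; to &
    return patterns


def failed_rules(password, patterns):
    """Return the patterns the password does not satisfy (empty list = accepted).

    Assumption: unanchored search semantics, so [0-9] means "contains a digit".
    """
    return [p for p in patterns if re.search(p, password) is None]


def is_valid(password, patterns):
    """A password is accepted only if every configured pattern matches."""
    return not failed_rules(password, patterns)


if __name__ == "__main__":
    rules = load_validators(CONFIG)
    # Constructed sample passwords, one per rule plus one that passes.
    for candidate in ["Ab1!", "abc1!", "Abcd&", "A1!", "Abc1_"]:
        print(candidate, failed_rules(candidate, rules) or "ok")
```

The trailing hyphen in the special-character class is a literal hyphen, and `&amp;` in the file is the XML escape for `&`, so both characters count as special characters.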

If the user should be given more detailed information about the rules, the entry error/CORESYSTEM_AuthenticationService_invalidPassword can be overwritten via localization.

If the password of a user is changed, two variables are passed in the event handler (create or change trigger):

| Variable | Values | Description |
|---|---|---|
| passwordTouched | true | If a new password was created for the user, this variable is set to true. |
| passwordChanged | true/false | If the password has changed, this variable is set to true. |