{
    "swagger":"2.0",
    "info":{
        "title":"REST API for Password Policy Management in Oracle Access Manager",
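        "description":"The Oracle Access Manager Password Policy Management REST APIs help you create and manage password policies. Password policy details can be retrieved using policy IDs and also based on the criteria given in the search query. Note: this specification declares no securityDefinitions, so the authentication scheme behind the 401 Unauthorized responses is not described here.",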
        "version":"2025.02.19",
        "x-summary":"The Oracle Access Manager Password Policy Management REST APIs help you create and manage password policies."
    },
    "schemes":[
        "https"
    ],
    "basePath":"/iam/admin/access/api/v1/policy",
    "produces":[
        "application/json"
    ],
    "paths":{
        "/PasswordPolicies/${policyid}":{
            "get":{
                "summary":"Get Password Policy using policyid",
                "description":"The PasswordPolicy returns information about the \"OAM\" \npassword policy. The response includes the password policy rules and the \nassignment rule, which indicates the subset of OAM users\nto which this password policy is applicable.\n",
                "parameters":[
                    {
                        "name":"policyid",
                        "in":"path",
                        "description":"The password policy unique identifier",
                        "required":true,
                        "type":"string"
                    }
                ],
                "tags":[
                    "PasswordPolicy"
                ],
                "responses":{
                    "200":{
                        "description":"Password policy assignment",
                        "schema":{
                            "type":"array",
                            "items":{
                                "$ref":"#/definitions/PasswordPolicyAssignment"
                            }
                        }
                    },
                    "401":{
                        "description":"Unauthorized"
                    },
                    "404":{
                        "description":"Requested entity not found"
                    },
                    "500":{
                        "description":"Internal Server Error"
                    }
                },
                "x-internal-id":"PasswordPolicies-${policyid}-get",
                "x-filename-id":"passwordpolicies-policyid-get"
            }
        },
        "/PasswordPolicies/${tenantid}/${policyid}":{
            "get":{
                "summary":"Get Password Policy using tenant and policyid",
                "description":"The PasswordPolicy returns information about the \"OAM\" \npassword policy. The response includes the password policy rules and the \nassignment rule, which indicates the subset of OAM users\nto which this password policy is applicable.\n",
                "parameters":[
                    {
                        "name":"tenantid",
                        "in":"path",
                        "description":"tenant unique identifier",
                        "required":true,
                        "type":"string"
                    },
                    {
                        "name":"policyid",
                        "in":"path",
                        "description":"The password policy unique identifier",
                        "required":true,
                        "type":"string"
                    }
                ],
                "tags":[
                    "PasswordPolicy"
                ],
                "responses":{
                    "200":{
                        "description":"Password policy assignment",
                        "schema":{
                            "type":"array",
                            "items":{
                                "$ref":"#/definitions/PasswordPolicyAssignment"
                            }
                        }
                    },
                    "401":{
                        "description":"Unauthorized"
                    },
                    "404":{
                        "description":"Requested entity not found"
                    },
                    "500":{
                        "description":"Internal Server Error"
                    }
                },
                "x-internal-id":"PasswordPolicies-${tenantid}-${policyid}-get",
                "x-filename-id":"passwordpolicies-tenantid-policyid-get"
            }
        },
        "/PasswordPolicies":{
            "get":{
                "summary":"Get Password Policies",
                "description":"This method returns a list of password policy assignments as per the query conditions.\n1) If a tenantid is specified, then password policies for that tenant are returned. Otherwise\npassword policies for the default tenant are returned.\n2) If a policyid is specified then that particular password policy is returned, and policyid supersedes\nthe group and idStore query parameters.\n3) If policyid is not specified and idStore is specified, then the list of password policies \nwhich are applicable to the given idstore reference is returned.\n4) If policyid is not specified and idStore is not specified, the list of password policies \napplicable for a given group is returned. If policyid is not specified and idStore is specified,\nthe list of password policies applicable to the given group and given idstore is returned.\nNote: this specification marks all four query parameters as required, although the rules above treat them as optional.\n",
                "parameters":[
                    {
                        "name":"tenantid",
                        "in":"query",
                        "description":"tenant unique identifier",
                        "required":true,
                        "type":"string"
                    },
                    {
                        "name":"policyid",
                        "in":"query",
                        "description":"The password policy unique identifier",
                        "required":true,
                        "type":"string"
                    },
                    {
                        "name":"idStore",
                        "in":"query",
                        "description":"The Identity store reference in OAM that the password policy is applicable for",
                        "required":true,
                        "type":"string"
                    },
                    {
                        "name":"group",
                        "in":"query",
                        "description":"The group that the password policies are applicable to",
                        "required":true,
                        "type":"string"
                    }
                ],
                "tags":[
                    "PasswordPolicy"
                ],
                "responses":{
                    "200":{
                        "description":"Password policy assignment",
                        "schema":{
                            "type":"array",
                            "items":{
                                "$ref":"#/definitions/PasswordPolicyAssignment"
                            }
                        }
                    },
                    "401":{
                        "description":"Unauthorized"
                    },
                    "404":{
                        "description":"Requested entity not found"
                    },
                    "500":{
                        "description":"Internal Server Error"
                    }
                },
                "x-internal-id":"PasswordPolicies-get",
                "x-filename-id":"passwordpolicies-get"
            },
            "post":{
                "summary":"Add password policies",
                "description":"post method to add password policies to OAM.",
                "parameters":[
                    {
                        "name":"tenantid",
                        "in":"query",
                        "description":"tenant unique identifier",
                        "required":false,
                        "type":"string"
                    },
                    {
                        "name":"passwordpolicyassignments",
                        "in":"body",
                        "description":"list of password policy assignments",
                        "required":true,
                        "schema":{
                            "type":"array",
                            "items":{
                                "$ref":"#/definitions/PasswordPolicyAssignment"
                            }
                        }
                    }
                ],
                "tags":[
                    "PasswordPolicy"
                ],
                "responses":{
                    "200":{
                        "description":"Password policy assignment",
                        "schema":{
                            "type":"array",
                            "items":{
                                "$ref":"#/definitions/PasswordPolicyAssignment"
                            }
                        }
                    },
                    "401":{
                        "description":"Unauthorized"
                    },
                    "404":{
                        "description":"Requested entity not found"
                    },
                    "500":{
                        "description":"Internal Server Error"
                    }
                },
                "x-internal-id":"PasswordPolicies-post",
                "x-filename-id":"passwordpolicies-post"
            },
            "put":{
                "summary":"Update Password policy",
                "description":"put method to update a password policy in OAM.",
                "parameters":[
                    {
                        "name":"tenantid",
                        "in":"query",
                        "description":"tenant unique identifier",
                        "required":false,
                        "type":"string"
                    },
                    {
                        "name":"passwordpolicyassignment",
                        "in":"body",
                        "description":"password policy assignment to be updated",
                        "required":true,
                        "schema":{
                            "$ref":"#/definitions/PasswordPolicyAssignment"
                        }
                    }
                ],
                "tags":[
                    "PasswordPolicy"
                ],
                "responses":{
                    "200":{
                        "description":"Password policy assignment",
                        "schema":{
                            "$ref":"#/definitions/PasswordPolicyAssignment"
                        }
                    },
                    "401":{
                        "description":"Unauthorized"
                    },
                    "404":{
                        "description":"Requested entity not found"
                    },
                    "500":{
                        "description":"Internal Server Error"
                    }
                },
                "x-internal-id":"PasswordPolicies-put",
                "x-filename-id":"passwordpolicies-put"
            },
            "delete":{
                "summary":"Delete password policies",
                "description":"This method deletes a list of password policy assignments as per the query conditions.\n1) If a tenantid is specified, then password policies for that tenant are returned. Otherwise\npassword policies for the default tenant are returned.\n2) If a policyid is specified then that particular password policy is returned, and policyid supersedes\nthe group and idStore query parameters.\n3) If policyid is not specified and idStore is specified, then the list of password policies \nwhich are applicable to the given idstore reference is returned.\n4) If policyid is not specified and idStore is not specified, the list of password policies \napplicable for a given group is returned. If policyid is not specified and idStore is specified,\nthe list of password policies applicable to the given group and given idstore is returned.\nNote: this specification marks all four query parameters as required, although the rules above treat them as optional, and the rules say 'returned' where this method deletes. Confirm which policies a given combination of parameters selects before calling it.\n",
                "parameters":[
                    {
                        "name":"tenantid",
                        "in":"query",
                        "description":"tenant unique identifier",
                        "required":true,
                        "type":"string"
                    },
                    {
                        "name":"policyid",
                        "in":"query",
                        "description":"The password policy unique identifier",
                        "required":true,
                        "type":"string"
                    },
                    {
                        "name":"idStore",
                        "in":"query",
                        "description":"The Identity store reference in OAM that the password policy is applicable for",
                        "required":true,
                        "type":"string"
                    },
                    {
                        "name":"group",
                        "in":"query",
                        "description":"The group that the password policies are applicable to",
                        "required":true,
                        "type":"string"
                    }
                ],
                "tags":[
                    "PasswordPolicy"
                ],
                "responses":{
                    "200":{
                        "description":"Password policy assignment",
                        "schema":{
                            "type":"array",
                            "items":{
                                "$ref":"#/definitions/PasswordPolicyAssignment"
                            }
                        }
                    },
                    "401":{
                        "description":"Unauthorized"
                    },
                    "404":{
                        "description":"Requested entity not found"
                    },
                    "500":{
                        "description":"Internal Server Error"
                    }
                },
                "x-internal-id":"PasswordPolicies-delete",
                "x-filename-id":"passwordpolicies-delete"
            }
        }
    },
    "definitions":{
        "PasswordPolicyAssignment":{
            "type":"object",
            "properties":{
                "PasswordPolicyInfo":{
                    "$ref":"#/definitions/passwordPolicyInfo"
                },
                "AssignmentRule":{
                    "$ref":"#/definitions/assignmentRule"
                }
            }
        },
        "assignmentRule":{
            "type":"object",
            "properties":{
                "idStoreRef":{
                    "type":"string",
                    "description":"The identity store reference id to which the current password policy is assigned."
                },
                "priority":{
                    "type":"integer",
                    "description":"The priority for this password policy assignment. The policy for the user is ascertained by getting all the assignment rules for the idstore to which the user belongs, sorted using priority. The first applicable password policy is then chosen as the password policy applicable for the user."
                },
                "passwordPolicyID":{
                    "type":"string",
                    "description":"This must match the id of the password policy specified in passwordPolicyInfo."
                },
                "ruleType":{
                    "type":"integer",
                    "description":"The ruleType is an integer enumeration that specifies the kind of rule: 1 - none, 2 - group."
                },
                "ruleValue":{
                    "type":"string",
                    "description":"If the ruleType indicates group, then the ruleValue indicates the group to which the user must belong for the password policy to be applicable."
                }
            }
        },
        "passwordPolicyInfo":{
            "type":"object",
            "properties":{
                "id":{
                    "type":"string",
                    "description":"Unique identifier representing a specific password policy."
                },
                "name":{
                    "type":"string",
                    "description":"A String that is the name of the policy.  Typically used for informational purposes (e.g. to display to the user)"
                },
                "desc":{
                    "type":"string",
                    "description":"A String that describes the current policy.  Typically used for informational purposes (e.g. to display to a user)."
                },
                "maxLength":{
                    "type":"integer",
                    "description":"An Integer indicating the maximum password length (in characters). A value of 0 or no value SHALL indicate no maximum length restriction."
                },
                "minLength":{
                    "type":"integer",
                    "description":"An Integer indicating the minimum password length (in characters). A value of 0 or no value SHALL indicate no minimum length restriction."
                },
                "minAlphas":{
                    "type":"integer",
                    "description":"An Integer indicating the minimum number of alphabetic characters in a password.  A value of 0 or no value SHALL indicate no minimum length restriction."
                },
                "minNumerals":{
                    "type":"integer",
                    "description":"An Integer indicating the minimum number of numeric characters in a password.  A value of 0 or no value SHALL indicate no minimum length restriction."
                },
                "minAlphaNumerals":{
                    "type":"integer",
                    "description":"An Integer indicating the minimum number of alphabetic or numeric characters in a password.  A value of 0 or no value SHALL indicate no minimum length restriction."
                },
                "minSpecialChars":{
                    "type":"integer",
                    "description":"An Integer indicating the minimum number of special characters in  a password.  A value of 0 or no value SHALL indicate no minimum length restriction."
                },
                "maxSpecialChars":{
                    "type":"integer",
                    "description":"An Integer indicating the maximum number of special characters in a password.  A value of 0 or no value SHALL indicate no maximum length restriction."
                },
                "minUpperCase":{
                    "type":"integer",
                    "description":"An Integer indicating the minimum number of upper-case alphabetic characters in a password.  A value of 0 or no value SHALL indicate no minimum length restriction."
                },
                "minLowerCase":{
                    "type":"integer",
                    "description":"An Integer indicating the minimum number of lower-case alphabetic characters in a password.  A value of 0 or no value SHALL indicate no minimum length restriction."
                },
                "minUniqueChars":{
                    "type":"integer",
                    "description":"An Integer indicating the minimum number of unique characters in a password.  A value of 0 or no value SHALL indicate no minimum restriction."
                },
                "maxRepeatedChars":{
                    "type":"integer",
                    "description":"An Integer indicating the maximum number of repeated characters in a password.  A value of 0 or no value SHALL indicate no restriction."
                },
                "startsWithAlpha":{
                    "type":"boolean",
                    "description":"A Boolean indicating that the password MUST begin with an alphabetic character."
                },
                "minUnicodeChars":{
                    "type":"integer",
                    "description":"An integer indicating minimum number of unicode characters in a password."
                },
                "firstNameDisallowed":{
                    "type":"boolean",
                    "description":"A Boolean indicating a sequence of characters matching the resource's \"name.givenName\" SHALL NOT be included in the password."
                },
                "lastNameDisallowed":{
                    "type":"boolean",
                    "description":"A Boolean indicating a sequence of characters matching the resource's \"name.familyName\" SHALL NOT be included in the password."
                },
                "userNameDisallowed":{
                    "type":"boolean",
                    "description":"A Boolean indicating a sequence of characters matching the resource's \"userName\" SHALL NOT be included in the password."
                },
                "minPasswordAgeInDays":{
                    "type":"integer",
                    "description":"An Integer indicating the minimum age in days before the password can be changed."
                },
                "warningAfterDays":{
                    "type":"integer",
                    "description":"An Integer indicating the number of days after which a password reset warning will be issued."
                },
                "expiresAfterDays":{
                    "type":"integer",
                    "description":"An Integer indicating the number of days after which a password reset is required."
                },
                "requiredChars":{
                    "type":"string",
                    "description":"A String value whose contents indicates a set of characters that MUST appear, in any sequence, in a password value."
                },
                "disallowedChars":{
                    "type":"string",
                    "description":"A String value whose contents indicates a set of characters that SHALL NOT appear, in any sequence, in a password value."
                },
                "disallowedSubStrings":{
                    "type":"string",
                    "description":"A Multi-valued String indicating a set of Strings that SHALL NOT appear within a password value."
                },
                "dictionaryLocation":{
                    "type":"string",
                    "description":"A Reference value containing the URI of a dictionary of words not allowed to appear within a password value."
                },
                "passwordHistorySize":{
                    "type":"integer",
                    "description":"An Integer indicating the number of passwords that will be kept in history that may not be used as a password."
                },
                "maxIncorrectAttempts":{
                    "type":"integer",
                    "description":"An Integer representing the maximum number of failed logins before an account is locked."
                },
                "lockOutDuration":{
                    "type":"integer",
                    "description":"An Integer indicating the number of minutes an account will be locked after maxIncorrectAttempts is exceeded."
                },
                "challengesEnabled":{
                    "type":"boolean",
                    "description":"Always false in OAM. A Boolean value indicating challenges MAY be used during authentication. Not supported. None of the challenge question/answer related policy elements are supported, since OAM does not support user challenge questions/answers."
                },
                "challengePolicy":{
                    "type":"integer",
                    "description":"Not supported in OAM. A complex attribute that defines policy around challenges. It contains the following sub-attribute: source, an Integer indicating one of the following: 0 - User Defined, 1 - Admin Defined, 2 - User and Admin Defined."
                },
                "defaultQuestions":{
                    "type":"string",
                    "description":"Not supported in OAM. A Multi-valued String attribute that contains one or more default questions a subject may use when setting their challenge questions. Not supported in OAM."
                },
                "minQuestionCount":{
                    "type":"integer",
                    "description":"Not supported in OAM. An Integer indicating the minimum number of challenge questions a subject MUST answer when setting challenge question answers.  A value of 0 or no value indicates no minimum.  Not supported"
                },
                "minAnswerCount":{
                    "type":"integer",
                    "description":"Not supported in OAM. An Integer indicating the minimum number of challenge answers a subject MUST answer when attempting to reset their password via forgot password request."
                },
                "allAtOnce":{
                    "type":"boolean",
                    "description":"Not supported in OAM. A Boolean value.  When true, the client UI will present all challenges in random order each time displayed.  When false, the client UI will present one challenge question at a time where the subject MUST respond before the next is displayed."
                },
                "minResponseLength":{
                    "type":"integer",
                    "description":"Not supported in OAM. An Integer indicating the minimum number of characters in a challenge response.  No value or a value of 0 indicates no minimum length (effectively 1)."
                },
                "maxIncorrectChallengesAttempts":{
                    "type":"integer",
                    "description":"Not supported in OAM. An Integer indicating the maximum number of failed reset password attempts using challenges.  If any challenges are wrong in a reset attempt, the user's resetAttempts counter will be incremented by 1.  If resetAttempts is greater than maxIncorrectAttempts, the subject's account will be locked with a locked.reason value."
                }
            }
        }
    },
    "tags":[
        {
            "name":"PasswordPolicy",
            "description":"The operations from the PasswordPolicy category."
        }
    ]
}