Skip to content

SetAuthenticationAndPasswordPolicy API

Updates the authentication and password policy settings by sending a serialized AuthenticationAndPasswordPolicy object. This API allows you to configure password complexity rules, expiration policies, and actions that require password re-confirmation.

Endpoint

/srv.asmx/SetAuthenticationAndPasswordPolicy

Methods

  • GET /srv.asmx/SetAuthenticationAndPasswordPolicy?authenticationTicket=...&settingsXml=...
  • POST /srv.asmx/SetAuthenticationAndPasswordPolicy (form data)
  • SOAP Action: http://tempuri.org/SetAuthenticationAndPasswordPolicy

The settingsXml value must contain the AuthenticationAndPasswordPolicy XML. Always URL-encode the XML when calling the GET endpoint.

Parameters

Parameter Type Required Description
authenticationTicket string Yes Ticket returned by AuthenticateUser. The caller must have UpdateApplicationSettingsAndPolicies admin permission.
settingsXml string Yes XML representation of the AuthenticationAndPasswordPolicy object. Obtain the current structure via GetAuthenticationAndPasswordPolicy, update the desired values, then submit the modified XML here.

Response

Success

<root success="true" />

Error

<root success="false" error="[ErrorCode] Error message" />

Typical errors: - [2730] when the user is not authenticated - Admin permission error when the user lacks UpdateApplicationSettingsAndPolicies permission - Invalid settings XML format when the payload cannot be deserialized - The message returned by UpdateAuthenticationAndPasswordPolicySettings (for validation failures)

Required Permissions

  • UpdateApplicationSettingsAndPolicies admin permission
  • Only authenticated administrators can invoke this method

Example (REST POST)

POST /srv.asmx/SetAuthenticationAndPasswordPolicy HTTP/1.1
Content-Type: application/x-www-form-urlencoded

authenticationTicket=6F9C2A...&
settingsXml=%3CAuthenticationAndPasswordPolicy%3E...%3C%2FAuthenticationAndPasswordPolicy%3E

SOAP Request

POST /srv.asmx HTTP/1.1
Content-Type: text/xml; charset=utf-8
SOAPAction: "http://tempuri.org/SetAuthenticationAndPasswordPolicy"

<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Body>
    <SetAuthenticationAndPasswordPolicy xmlns="http://tempuri.org/">
      <authenticationTicket>6F9C2A...</authenticationTicket>
      <settingsXml><![CDATA[
        <AuthenticationAndPasswordPolicy>
          <PasswordPolicy>
            <Expires>90</Expires>
            <MinLen>8</MinLen>
            <MustIncludeAlphaNumericCharacters>true</MustIncludeAlphaNumericCharacters>
            <MustIncludeNumericCharacters>true</MustIncludeNumericCharacters>
            <MustIncludeNonAlphaNumericCharacters>true</MustIncludeNonAlphaNumericCharacters>
            <MustNotEqualEmailAddress>true</MustNotEqualEmailAddress>
            <MustNotEqualUserName>true</MustNotEqualUserName>
            <MustNotInCommonPasswordList>true</MustNotInCommonPasswordList>
          </PasswordPolicy>
          <PasswordRePromptActions>
            <DomainDelete>true</DomainDelete>
            <OnDelete>true</OnDelete>
            <UserDelete>true</UserDelete>
            <SecurityApply>true</SecurityApply>
            <OnOwnerChange>true</OnOwnerChange>
            <OnClassify>false</OnClassify>
            <OnReviewTask>false</OnReviewTask>
          </PasswordRePromptActions>
        </AuthenticationAndPasswordPolicy>
      ]]></settingsXml>
    </SetAuthenticationAndPasswordPolicy>
  </soap:Body>
</soap:Envelope>

Sample settingsXml Payload

<AuthenticationAndPasswordPolicy>
  <PasswordPolicy>
    <Expires>90</Expires>
    <MinLen>8</MinLen>
    <MustIncludeAlphaNumericCharacters>true</MustIncludeAlphaNumericCharacters>
    <MustIncludeNumericCharacters>true</MustIncludeNumericCharacters>
    <MustIncludeNonAlphaNumericCharacters>true</MustIncludeNonAlphaNumericCharacters>
    <MustNotEqualEmailAddress>true</MustNotEqualEmailAddress>
    <MustNotEqualUserName>true</MustNotEqualUserName>
    <MustNotInCommonPasswordList>true</MustNotInCommonPasswordList>
  </PasswordPolicy>
  <PasswordRePromptActions>
    <DomainDelete>true</DomainDelete>
    <OnDelete>true</OnDelete>
    <UserDelete>true</UserDelete>
    <SecurityApply>true</SecurityApply>
    <OnOwnerChange>true</OnOwnerChange>
    <OnClassify>false</OnClassify>
    <OnReviewTask>false</OnReviewTask>
  </PasswordRePromptActions>
</AuthenticationAndPasswordPolicy>

AuthenticationAndPasswordPolicy Structure

PasswordPolicy Properties

Property Type Description
Expires integer Password expiration in days (0 = never expires)
MinLen short Minimum password length (1-14 characters)
MustIncludeAlphaNumericCharacters boolean Require alphabetic characters
MustIncludeNumericCharacters boolean Require numeric characters
MustIncludeNonAlphaNumericCharacters boolean Require special characters (!@#$%^&*)
MustNotEqualEmailAddress boolean Password cannot equal user's email
MustNotEqualUserName boolean Password cannot equal username
MustNotInCommonPasswordList boolean Reject common/weak passwords

PasswordRePromptActions Properties

Property Type Description
DomainDelete boolean Re-prompt password when deleting a domain
OnDelete boolean Re-prompt password when deleting items
UserDelete boolean Re-prompt password when deleting users
SecurityApply boolean Re-prompt password when applying security
OnOwnerChange boolean Re-prompt password when changing ownership
OnClassify boolean Re-prompt password when classifying documents
OnReviewTask boolean Re-prompt password on review tasks

Usage Guidelines

  1. Call GetAuthenticationAndPasswordPolicy to retrieve the current settings
  2. Modify only the values you need to change; keep the structure intact
  3. Validate business rules:
  4. Password expiration: 0 or positive integer (days)
  5. Minimum length: 1-14 characters
  6. At least one complexity requirement should be enabled
  7. Submit the updated XML via SetAuthenticationAndPasswordPolicy
  8. Settings take effect immediately for new password changes

Notes

  • Password Expiration: Set to 0 to disable password expiration
  • Minimum Length: Automatically clamped to range 1-14
  • Complexity Requirements: Multiple requirements can be enabled simultaneously for stronger security
  • Re-Prompt Actions: Controls which administrative actions require password re-confirmation for security
  • Existing Users: Changes do not force existing users to change passwords immediately
  • Next Password Change: New policy applies when users change their passwords
  • Settings are stored in the database and automatically refreshed in memory cache
  • Audit logging should be handled at the application level

Security Recommendations

Strong Password Policy Example

<PasswordPolicy>
  <Expires>90</Expires>
  <MinLen>12</MinLen>
  <MustIncludeAlphaNumericCharacters>true</MustIncludeAlphaNumericCharacters>
  <MustIncludeNumericCharacters>true</MustIncludeNumericCharacters>
  <MustIncludeNonAlphaNumericCharacters>true</MustIncludeNonAlphaNumericCharacters>
  <MustNotEqualEmailAddress>true</MustNotEqualEmailAddress>
  <MustNotEqualUserName>true</MustNotEqualUserName>
  <MustNotInCommonPasswordList>true</MustNotInCommonPasswordList>
</PasswordPolicy>

Critical Operations Protection

<PasswordRePromptActions>
  <DomainDelete>true</DomainDelete>
  <OnDelete>true</OnDelete>
  <UserDelete>true</UserDelete>
  <SecurityApply>true</SecurityApply>
  <OnOwnerChange>true</OnOwnerChange>
  <!-- Less critical operations -->
  <OnClassify>false</OnClassify>
  <OnReviewTask>false</OnReviewTask>
</PasswordRePromptActions>
  • GetAuthenticationAndPasswordPolicy - Retrieve current policy settings
  • GetSystemBehaviorSettings - Get login logging and delay settings
  • SetSystemBehaviorSettings - Update system behavior settings
  • ChangeUserPassword - Change a user's password
  • CreateUser - Create new user with password

Integration Example (C#)

using System.Xml.Linq;
using System.Xml.Serialization;

// Get current policy
var getPolicyResponse = await client.GetAuthenticationAndPasswordPolicyAsync(authTicket);
var currentPolicy = DeserializePolicy(getPolicyResponse);

// Modify policy
currentPolicy.PasswordPolicy.Expires = 90;
currentPolicy.PasswordPolicy.MinLen = 12;
currentPolicy.PasswordPolicy.MustIncludeNumericCharacters = true;
currentPolicy.PasswordPolicy.MustIncludeNonAlphaNumericCharacters = true;

// Serialize to XML
var serializer = new XmlSerializer(typeof(AuthenticationAndPasswordPolicy));
string settingsXml;
using (var writer = new StringWriter())
{
    serializer.Serialize(writer, currentPolicy);
    settingsXml = writer.ToString();
}

// Update policy
var updateResponse = await client.SetAuthenticationAndPasswordPolicyAsync(
    authTicket,
    settingsXml
);

if (updateResponse.Root.Attribute("success")?.Value == "true")
{
    Console.WriteLine("Password policy updated successfully");
}
else
{
    var error = updateResponse.Root.Attribute("error")?.Value;
    Console.WriteLine($"Error updating policy: {error}");
}

Version History

  • Compatible with infoRouter 8.7 and later
  • AuthenticationAndPasswordPolicy is serializable for XML transport
  • Supports both SOAP and REST endpoints
  • Requires Workflow and Security modules for full functionality