Configuring Additional Password Rules for Tivoli Identity Manager

Configuring Additional Password Rules for Tivoli Identity Manager

There are 2 different ways to accomplish this task, automatically or manually.

Method 1: Automatically copy the files, as follows:

There is a script that is located in folder /export/home/<Name Wanted>_rules named installRules.sh.  This script will copy the <Name Wanted>.jar and MANIFEST.MF to the appropriate folders, it will also append 3 new password rules to the correct properties file.

The <Name Wanted>.jar, MANIFEST.MF and the passwordrules.properties files must exist in the same directory as the installRules.sh.

The code within the installRules.sh script copies the 2 files and performs a ‘cat’ function (as in concatinate) to the passwordRules.properties file that exist in itim/data directory.

Here are the 3 lines that will be appended to the passwordrules.properties file that resides in /itim/data.




Once the script has been completed successfully you will need to edit the Customslabels.properties file. This is where the labels for the 3 new attributes are configured. Below are what the statements should look like in the CustomLabels.Properties file.

      password.rule.com.passwordrules.MinUpperCaseCharacters=Mininum Upper Case Required

      password.rule.com.passwordrules.MinUpperCaseCharacters=Mininum Lower Case Required

      password.rule.com.passwordrules.MinSpecialCharacters=Mininum Special Characters Required

Method 2: Manually copy the files, as follows:

 There are 4 separate steps that need to be completed to successfully add additional password rules for the ITIM system. Each step is described below and needs to be completed in order so that the additional rules work correctly.

Verify that the MANIFEST.MF member resides in the META-INF folder.

The META-INF folder is location in:


Add “<Name Wanted>.jar” to the Class-Path, verify that you can see Class-Path Entry where the <Name Wanted>.jar was added.

Verify that the <NameWanted>.jar member resides in the enRole.ear directory.

The enRole.ear folder is location in:


Edit the CustomLabels.properties file to add the new labels for the 3 new password attributes.

    1.  Change the directory to /itim/data
        1.  vi CustomLabels.properties file and add the 3 new password labels. Then save the file, as a precaution backup the CustomLabels.properties file before you start to edit it.

 Edit the passwordRules.properties file, add the 3 password attributes and set them to equal true.

 The passwordrules.properties file resides in “itim/data

Questions, comments or concerns? Feel free to reach out to us below or at IDMWORKS

Questions, comments or concerns? Feel free to reach out to us below, or email us at IDMWORKS to learn more about how you can protect your organization and customers.

Leave a Reply

Your email address will not be published. Required fields are marked *