We are encountering a strange issue with one of our value policies, but first, here is some background to the problem:
The following check expression for preventing User IDs in credentials works in our defined password policy
but throws the following "Bad Request" error when copied as is to our security answers value policy:
Commenting out the assert object != null statement allows the security answers policy to validate answers without throwing the bad request error.
The main problem that I am reporting is that the check expression works in the password policy but does not work in the security answers policy.
If passwords are submitted that contain the current user's User ID ("name" in midPoint nomenclature), the password policy rejects them with the defined
failure message, but if security answers are submitted while using the same check expression, the policy accepts the submitted answers.
N.B. The passwords and security answers are being submitted to our midPoint instance via the midpoint-java-client.
Could you take a look?