Description of problem:

Customer configured the parameter “change_password_upon_first_use = True” from keystone config so that the new users should be forced to change their password during their first time login in Horizon. At the same time they expect the regex and help_text defined below from the horizon config file should be considered.

Example configuration:

/var/lib/config-data/puppet-generated/horizon/etc/openstack-dashboard/local_settings:

HORIZON_CONFIG["password_validator"] = {
"regex": '^.

{8,30}$',
"help_text": _("Password must be between 8 and 30 characters."),

Unfortunately the above configuration (password validation) only works and throw defined help_text message while we create new user and set password from the Horizon UI, but not during the user first time login and password change in horizon.

After setting the below parameter in keystone config, password validation (password_regex) works fine when users are forced to change their password for the first time.
However “password_regex_description” defined below will not reflect, instead we get the default message “Unable to update the user password.” (Attached Screenshot).

Example configuration:

/var/lib/config-data/puppet-generated/keystone/etc/keystone/keystone.conf

password_regex = '^.{8,30}

$'
password_regex_description = Password must be between 8 and 30 characters.

We tried adding the regex description in single quote and double quotes too without any luck.

Version-Release number of selected component (if applicable):

RHOSP 17.1.1

How reproducible:

The issue is easily reproducible in the RHOSP 17.1.3 lab environment.

Actual results:

Currently the defined regex_description is not displayed when user attempt to change their password for the first time login via Horizon

Expected results:

When user login first time via Horizon and attempt to change password the regex_description should be displayed as defined if the password doesn’t meet the defined password_regex.