Password policy settings (allowNumeric, allowSpecial) have no effect

[scott...@gmail.com]

I have the following settings in my PwmConfiguration.xml:

<setting key="password.policy.minimumLength" syntax="NUMERIC" profile="default" syntaxVersion="0" modifyTime="2018-07-30T15:32:33Z">
<label>Minimum Length</label>
<value>7</value>
</setting>
<setting key="password.policy.allowNumeric" syntax="BOOLEAN" profile="default" syntaxVersion="0" modifyTime="2018-07-30T16:20:03Z">
<label>Allow Numeric Characters</label>
<value>true</value>
</setting>
<setting key="password.policy.allowSpecial" syntax="BOOLEAN" profile="default" syntaxVersion="0" modifyTime="2018-07-30T16:20:03Z">
<label>Allow Special Characters</label>
<value>true</value>
</setting>

The first one works just fine...PWM enforces the password length, and correctly displays the prose rule in the user guidance in the UI.

However, the allowNumeric and allowSpecial rules are not enforced. In the configuration editor, they are checked as expected. However, the password guidance to the user (on the password change page) indicates the opposite of the rule:

* Must be at least 7 characters long.
* Must not include any numeric characters.
* Must not include any symbol (non letter or number) characters.

And if I attempt to change the password to one with numeric characters, it's flagged as invalid.

Is there another setting that I'm missing? I have tried setting minimum and maximum numeric properties, just to see if those made a difference (even though I don't in practice have any rules around those) but they did not change the behavior.

Thanks.
--Scott

[scott...@gmail.com]

It appears that the solution here (in case anyone else ever runs into this) is to change Settings...Password Settings...Password Policy Source to "Local". This puts the following setting in PwmConfiguration.xml:

<setting key="password.policy.source" syntax="SELECT">
<label>Password Policy Source</label>
<value><![CDATA[PWM]]></value>
</setting>