Characters that are valid for user IDs and passwords

Understanding character limitations for user IDs and passwords is important because they are used throughout IBM® Business Process Manager to provide access and secure content. The character limitations provided here apply to the IBM Business Process Manager administrator, the database administrator, the LDAP server administrator, and user IDs. Database and LDAP servers can have more restrictive limitations than provided here. Therefore you should check the database and LDAP server product documentation for restrictions. Failure to define user IDs and passwords correctly during the installation process can result in installation failure. In addition, your specific installation might have more restrictive user ID and password requirements that you must also follow.

When a person signs up as a user, or when an administrator enrolls a user, they must complete the user information form. On this form, do not enter characters that might not be supported. Regardless of which characters you are able to enter on the user information form, user ID and passwords are limited to the valid characters described here. You can specify other characters in the First Name and Last Name fields. If your company policy is more restrictive, you can provide that information to your users in the enrollment form help or as inline help directly on the form.
Avoid trouble: IBM Business Process Manager cannot create user IDs or passwords that contain spaces, although it fully supports any existing user IDs and passwords or those created in the user repository that contain spaces.
Under normal circumstances, a valid user ID and password can contain the following characters:
  • Lowercase characters {a-z}
  • Uppercase characters {A-Z}
  • Numbers {0-9}
  • Exclamation point {!}
  • Open parenthesis {(}
  • Close parenthesis {)}
  • Dash {-}; this character is not supported as the first character in the user ID or password
  • Period {.}; this character is not supported as the first character in the user ID or password
  • Question mark {?}
  • Open bracket {[}
  • Close bracket {]}
  • Underscore {_}; this is the only supported special character in IBM i
  • Grave accent {`}
  • Tilde {~}
  • Semicolon {;}
  • Colon {:}
  • Exclamation mark {!}
  • Commercial at {@} (this character is not supported when creating the IBM Business Process Manager administrator during installation)
  • Number sign {#}
  • Dollar sign {$}
  • Percent sign {%}
  • Circumflex accent {^}
  • Ampersand {&}
  • Asterisk {*}
  • Plus sign {+}
  • Equals sign {=}
Avoid trouble: These are all ASCII characters. Non-ASCII characters are not allowed for a username or password.
If you plan on using a non-ASCII based encoding, ensure your Java Virtual Machine has the correct generic arguments specific for the non-ASCII based encoding. For example, for UTF-8 encoding, the following two parameters should be added to the Java Virtual Machine generic arguments for WebSphere Portal: -Dfile.encoding=UTF-8 and -Dclient.encoding.override=UTF-8.
For Linux operating systemFor UNIX operating systemNote: Some tasks might require you to enter the fully qualified user ID. If your fully qualified user ID contains a space; for example: cn=wpsadmin,cn=users,l=SharedLDAP,c=US,ou=Lotus,o=Software Group,dc=ibm,dc=com, you must place the fully qualified user ID in the properties file or into a parent properties file instead of as a flag on the command line. For example, create a parent properties file called mysecurity.properties, enter the fully qualified user ID, and then run the task: ./ConfigEngine.sh task_name -DparentProperties=/opt/mysecurity.properties.
For Windows operating systemNote: Some tasks may require you to enter the fully qualified user ID. If your fully qualified user ID contains a space; for example: cn=wpsadmin,cn=users,l=SharedLDAP,c=US,ou=Lotus,o=Software Group,dc=ibm,dc=com, you must place quotes around the fully qualified user ID before running the task; for example, "cn=wpsadmin,cn=users,l=SharedLDAP,c=US,ou=Lotus,o=Software Group,dc=ibm,dc=com".
The following table contains a list of the required fields on the user information form and the supported characters.
Table 1. Valid characters and unsupported characters for user information
User information Valid characters Unsupported characters
User ID
  • Lowercase characters {a-z}
  • Uppercase characters {A-Z}
  • Numbers {0-9}
  • Exclamation point {!}
  • Open parenthesis {(}
  • Close parenthesis {)}
  • Dash {-}; this character is not supported as the first character in the user ID or password
  • Period {.}; this character is not supported as the first character in the user ID or password
  • Question mark {?}
  • Open bracket {[}
  • Close bracket {]}
  • Underscore {_}; this is the only supported special character in IBM i
  • Grave accent {`}
  • Tilde {~}
  • Semicolon {;}
  • Colon {:}
  • Exclamation mark {!}
  • Commercial at {@} (this character is not supported when creating the cell administrator during installation)
  • Number sign {#}
  • Dollar sign {$}
  • Percent sign {%}
  • Circumflex accent {^}
  • Ampersand {&}
  • Asterisk {*}
  • Plus sign {+}
  • Equals sign {=}
Only ASCII characters are allowed.
Other restrictions: The user ID cannot contain spaces; for example, user name.

For Windows operating systemFor AIX operating systemFor Linux operating systemFor Solaris operating systemUser IDs cannot be longer than 200 characters.

If you enter any unsupported characters during the installation, you will receive an error message that states which character is invalid. For example, The special character [@] was found in the administrative user ID field. Enter the administrative user ID again.

Avoid trouble: You receive a different error message if you enter any unsupported characters when creating users through the Manage users and groups portlet.
Password / Confirm password:

For bpm.cell.authenticationAlias:

    Lowercase characters {a-z}
    Uppercase characters {A-Z}
    Numbers {0-9}
    Exclamation point {!}
    Open parenthesis {(}
    Close parenthesis {)}
    Dash {-}; this character is not
supported as the first character in
the user ID or password
    Period {.}; this character is not
supported as the first character in
the user ID or password
    Question mark {?}
    Open bracket {[}
    Close bracket {]}
    Underscore {_}; this is the only
supported special character in
IBM i
    Grave accent {`}
    Tilde {~}
Number sign {#}
Dollar sign {$}
Circumflex accent {^}
Ampersand {&}
Asterisk
{*}
Plus sign {+}
Equals sign {=}

For all other user IDs:

    Lowercase characters {a-z}
    Uppercase characters {A-Z}
    Numbers {0-9}
    Exclamation point {!}
    Open parenthesis {(}
    Close parenthesis {)}
    Dash {-}; this character is not
supported as the first character in
the user ID or password
    Period {.}; this character is not
supported as the first character in
the user ID or password
    Question mark {?}
    Open bracket {[}
    Close bracket {]}
    Underscore {_}; this is the only
supported special character in
IBM i
    Grave accent {`}
    Tilde {~}
    Commercial at {@}
Number sign {#}
Dollar sign {$}
Circumflex accent {^}
Ampersand {&}
Asterisk
{*}
Plus sign {+}
Equals sign {=}

Diacritics, such as the umlaut, and DBCS characters are not allowed.
Other restrictions: The password cannot contain spaces; for example, pass word.

For Windows operating systemFor AIX operating systemFor Linux operating systemFor Solaris operating systemPasswords cannot be longer than 128 characters.

Avoid trouble: Login or ConfigEngine tasks might fail if the password contains any unsupported characters, including DBCS characters. This action happens even if a user is successfully enrolled using a password containing DBCS characters.

If you enter any unsupported characters during the installation, you will receive an error message that states which character is invalid. For example, The special character [@] was found in the password field. Enter the password again.

First Name All characters n/a
Last Name All characters n/a