[keycloak-dev] Password policy for "password != username"

Juraci Paixão Kröhling jpkroehling at redhat.com
Thu Mar 12 12:41:25 EDT 2015


All,

I've asked on the IRC channel, but it seems it's better to have a
first discussion here before opening a JIRA and/or sending a PR.

I have a requirement in my application, where the user's passwords
should meet some complexity. The initial rules will be based on
WildFly's own rules. Two of them I can fulfill via Keycloak, but the
third is: "The password must be different from the username". I
couldn't find a way to do it with the current policy configuration.

So, should this be possible? If so, what would be the syntax? My first
suggestion would be "notUsername()".

Is this acceptable? Should I open a JIRA and send a PR?

-- Juca.