[keycloak-dev] Adding a validate password endpoint in the Admin API

Wim Vandenhaute wim.vandenhaute at gmail.com
Tue Jun 27 09:29:48 EDT 2017


This does not validate the password as in checking if it is the same as the
user's current one but only checks if a new password might violate the
realm's password policies or not so I do not really see an issue here to be
honest.

On Tue, Jun 27, 2017 at 2:52 PM Bruno Oliveira <bruno at abstractj.org> wrote:

> If I understood correctly, the password could be provided here
> https://github.com/keycloak/keycloak/pull/4229/files#diff-2d5026806b9f86138813c99521f40597R782,
> right? If yes, I could implement my own password validator web app to
> validate passwords and interact with KC. Now, instead of worrying about the
> call between the client and KC server, I could have a third server to worry
> about, or a shell script. Because it's possible.
>
> Instead of targeting Keycloak only (which is built with security in mind),
> now people could target my password validation app (not so concerned with
> security). This is just an example, and I'm not saying this is the end of
> the world. What I'm saying is that this opens a new door for people to be
> creative.
>
> On Tue, Jun 27, 2017 at 4:51 AM Wim Vandenhaute <wim.vandenhaute at gmail.com>
> wrote:
>
>> Hello list,
>>
>> Via an admin portal of a customer I am working for, they provide a feature
>> where an admin can edit the user's data, including setting a new password.
>>
>> For the sake of atomicity, all update steps first go through a series of
>> validations for all modified data before actually committing the changes
>> and (if needed) updating the keycloak password.
>>
>> At the moment, there is no way to pre-update do a validity check of the
>> updated password against keycloak's configured password policy(ies).
>>
>> Therefore I would propose to have a validate-password endpoint in the Admin
>> API.
>>
>> I've made a pull request already here:
>>   *  https://github.com/keycloak/keycloak/pull/4229
>>
>> Any thoughts on this?
>>
>> Kind regards,
>> Wim
>>
>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>
>
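The validate-before-commit flow Wim describes (check every modified field, including a new password, against the realm's password policy and only then write anything) can be illustrated with a small stand-alone model. The following is an added example, not code from the thread, the pull request or Keycloak itself: it re-implements a simplified version of Keycloak's realm policy string format (`length(8) and digits(1) and notUsername ...`) with the rule names `length`, `maxLength`, `digits`, `lowerCase`, `upperCase`, `specialChars`, `notUsername`, `notEmail` and `regexPattern`; the default arguments, the error message wording and the `update_user` helper are assumptions made for this example.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed example: a simplified re-implementation of the realm password
# policy string format, for illustration only (not Keycloak's own
# PasswordPolicyManagerProvider). Rule names follow Keycloak's policy
# identifiers; the defaults below are assumptions for this example.
POLICY_ELEMENT = re.compile(r"^(\w+)(?:\((.*)\))?$")
DEFAULT_ARG = {"length": "8", "maxLength": "64", "digits": "1",
               "lowerCase": "1", "upperCase": "1", "specialChars": "1"}


def parse_policy(policy: str) -> List[Tuple[str, Optional[str]]]:
    """Split 'a(1) and b and c(x)' into [('a', '1'), ('b', None), ('c', 'x')]."""
    rules: List[Tuple[str, Optional[str]]] = []
    for element in policy.split(" and "):
        element = element.strip()
        if not element:
            continue
        m = POLICY_ELEMENT.match(element)
        if not m:
            raise ValueError(f"unparseable policy element: {element!r}")
        rules.append((m.group(1), m.group(2)))
    return rules


def validate_password(policy: str, password: str,
                      username: str = "", email: str = "") -> List[str]:
    """Return every violated rule; an empty list means the password passes."""
    errors: List[str] = []
    for name, raw_arg in parse_policy(policy):
        arg = raw_arg if raw_arg is not None else DEFAULT_ARG.get(name)
        if name == "length" and len(password) < int(arg):
            errors.append(f"length: at least {arg} characters required")
        elif name == "maxLength" and len(password) > int(arg):
            errors.append(f"maxLength: at most {arg} characters allowed")
        elif name == "digits" and sum(c.isdigit() for c in password) < int(arg):
            errors.append(f"digits: at least {arg} digit(s) required")
        elif name == "lowerCase" and sum(c.islower() for c in password) < int(arg):
            errors.append(f"lowerCase: at least {arg} lower-case letter(s) required")
        elif name == "upperCase" and sum(c.isupper() for c in password) < int(arg):
            errors.append(f"upperCase: at least {arg} upper-case letter(s) required")
        elif name == "specialChars" and sum(not c.isalnum() for c in password) < int(arg):
            errors.append(f"specialChars: at least {arg} special character(s) required")
        elif name == "notUsername" and username and password.lower() == username.lower():
            errors.append("notUsername: password must not equal the username")
        elif name == "notEmail" and email and password.lower() == email.lower():
            errors.append("notEmail: password must not equal the e-mail address")
        elif name == "regexPattern" and arg is not None and not re.search(arg, password):
            errors.append(f"regexPattern: password does not match {arg!r}")
        # Rules that do not inspect the plaintext (hashIterations, passwordHistory, ...)
        # are ignored by this simplified validator.
    return errors


def update_user(user: Dict[str, str], changes: Dict[str, str], policy: str) -> Dict[str, str]:
    """Validate all modified fields first; commit only if everything passes.

    Raises ValueError listing every problem and leaves `user` untouched on failure,
    which is the atomic pre-update check the proposal asks for.
    """
    problems: List[str] = []
    new_email = changes.get("email", user.get("email", ""))
    if "email" in changes and "@" not in changes["email"]:
        problems.append("email: not an address")
    if "password" in changes:
        problems.extend(validate_password(policy, changes["password"],
                                          username=user.get("username", ""),
                                          email=new_email))
    if problems:
        raise ValueError("; ".join(problems))
    # Commit point: in a real system the credential would be forwarded to the
    # identity provider here rather than stored; the plaintext is not kept.
    user.update({k: v for k, v in changes.items() if k != "password"})
    if "password" in changes:
        user["password_updated"] = "true"
    return user


if __name__ == "__main__":
    realm_policy = "length(8) and digits(1) and upperCase(1) and specialChars(1) and notUsername"
    print(validate_password(realm_policy, "alice", username="alice"))
```

The ordering matters for the admin-portal case in the thread: a password that fails the realm policy is reported together with any other field errors before a single write happens, so the caller never ends up with partially applied user data.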

