[keycloak-user] Forced password change for service accounts

Marek Posolda mposolda at redhat.com
Mon May 9 09:51:05 EDT 2016


If I understand correctly, you configured the password policy 
"ForceExpiredPasswordChange" in Keycloak and after that period, you are 
seeing that Keycloak requires a password change from the serviceAccount 
user? This looks like a bug, serviceAccount users shouldn't be subject 
to password policy. Not even sure how that is possible...

Feel free to create a JIRA for this. Ideally describe it in a bit more 
detail (how you configured passwordPolicy, how you use serviceAccount, 
at which stage you see an issue, stacktrace (if present), etc.). Thanks!
Marek

On 09/05/16 15:13, Kevin Thorpe wrote:
> Hi, we've just hit an issue where Keycloak was requiring a password 
> change on a service account. We have addressed this by changing the 
> password and also on the client service. We do though need to handle 
> this before it all falls over as we missed a reporting run last night 
> and breached our SLA with our client.
>
> What would be best practice for this? I'm thinking best to enforce 
> rollover but we need a report on which service passwords are going to 
> require reset. Is there any way to do that?
>
> *Kevin Thorpe*
> VP Enterprise Platform
