[keycloak-user] password policy | federation to AD
lists
lists at merit.unu.edu
Mon Aug 21 05:58:14 EDT 2017
Hi Marek,
I have them configured on both, bith sides similar.
We have local users (with "regular" workstations logons, and thus the
password policies as configured in the MSAD side)
And we have users that (almost) never logon locally, but only though
webinterfaces secured by LDAP/OpenID Connect or SAML2. (and so: the
keycloak password policies apply)
We were under the impression that keycloak would help to enforce similar
password policies like this for (mostly) all our users.
So, is this actually expected to land in 3.4? And if yes, since keycloak
is at 3.2, any idication when 3.4 would be available?
MJ
On 21-8-2017 11:39, Marek Posolda wrote:
> Are your password policies configured on MSAD side or on Keycloak side?
>
> KEYCLOAK-4052 is about the password policies are configured on Keycloak
> side, which you want to apply even before sending password_update
> request to LDAP. However if you have password policies configured on
> MSAD side, it won't help you.
>
> Marek
>
>
> On 21/08/17 09:16, mj wrote:
>> Aha, I guess my question is related to my question:
>>
>> https://issues.jboss.org/browse/KEYCLOAK-4052
>>
>> Does the ticket mean that we can expect this to work in 3.4.0?
>>
>> Thanks,
>> MJ
>>
>> On 08/19/2017 12:06 PM, mj wrote:
>>> But when I provide a bad password like "123", I would expect keycloak to
>>> say something like: "ERROR: this password does not meet the password
>>> complexity requirements, please use ..." etc.
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
More information about the keycloak-user
mailing list