[keycloak-user] Multiple password policies

Marek Posolda mposolda at redhat.com
Tue Aug 21 08:28:14 EDT 2018


No, neither of the things you mentioned is available OOTB.

I wonder whether we may need something like FilterPasswordPolicy, which 
will allow you to configure a child/delegate password policy and a filter 
(for example using the scripting engine, as our 
ScriptBasedAuthenticator does). The filter may allow you to specify, 
for example, that:
- A user in the role "admin" must have a password of at least 10 characters
- A user who is not in the role "admin" must have a password of at least 7 
characters

etc.

The fact is that it's not available OOTB at the moment. You may either try 
to create some custom PasswordPolicyProvider(s) yourself, or you can 
try to create something generic (like the FilterPasswordPolicy 
provider I mentioned above) and contribute it to Keycloak?

Marek


On 17/08/18 12:32, Jamie McDowell wrote:
> Hi,
> Further to my email below, can you have a password policy assigned to a realm role?
>
> Regards,
> Jamie
>
>      On Thursday, 16 August 2018, 15:32:22 BST, Jamie McDowell <jambo_mcd at yahoo.co.uk> wrote:
>   
>   Hi,
>
> Can you have multiple password policies on the same realm where you are using an LDAP instance (federated)?
> We have Keycloak set up federating to an OpenLDAP server. On the LDAP server we have 2 OUs, 1 for users and the other for service accounts. Both of these need to have different passwords such as length and complexity.
> We have the password policy defined on the OpenLDAP. Can Keycloak have multiple policies?
> Has anyone configured this before or can suggest alternatives?
> Regards,
> Jamie
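A custom PasswordPolicyProvider of the kind suggested in the reply above, hard-wired to the role-based length example it gives. This is an added illustration, not code from the thread or from Keycloak; the class name, the fixed lengths, and the fail-closed handling of the username-only check are assumptions. It also assumes the Keycloak server SPI is on the classpath and that the provider is registered through a PasswordPolicyProviderFactory.

```java
// Added illustration, not Keycloak code. The class name is hypothetical; the
// role name and lengths come from the example in the message above.
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.UserModel;
import org.keycloak.policy.PasswordPolicyProvider;
import org.keycloak.policy.PolicyError;

public class RoleLengthPasswordPolicyProvider implements PasswordPolicyProvider {

    private static final String ROLE = "admin";        // realm role named in the message
    private static final int ROLE_MIN_LENGTH = 10;     // users who have the role
    private static final int DEFAULT_MIN_LENGTH = 7;   // everyone else
    // Message key used by Keycloak's built-in minimum-length policy.
    private static final String ERROR = "invalidPasswordMinLengthMessage";

    @Override
    public PolicyError validate(RealmModel realm, UserModel user, String password) {
        // hasRole() also covers roles inherited through composites and groups.
        RoleModel role = realm.getRole(ROLE);
        boolean inRole = role != null && user != null && user.hasRole(role);
        return check(password, inRole ? ROLE_MIN_LENGTH : DEFAULT_MIN_LENGTH);
    }

    @Override
    public PolicyError validate(String username, String password) {
        // Assumption: no UserModel means the roles are unknown, so fail closed
        // and apply the stricter length.
        return check(password, ROLE_MIN_LENGTH);
    }

    private static PolicyError check(String password, int min) {
        // Count code points so that a surrogate pair is one character.
        int length = password == null ? 0 : password.codePointCount(0, password.length());
        return length < min ? new PolicyError(ERROR, min) : null; // null means "valid"
    }

    @Override
    public Object parseConfig(String value) {
        // Lengths are fixed above; a configurable provider would parse them from
        // the policy value entered in the admin console.
        return null;
    }

    @Override
    public void close() {
        // Nothing to release.
    }
}
```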



