[keycloak-user] password policy | Not (containing) Username
Marek Posolda
mposolda at redhat.com
Thu Jan 25 09:01:21 EST 2018
Yes, you can. You can also create your own password policy like that, as
PasswordPolicy is puggable SPI. See our documentation (Server Developer
Guide) and example providers (Directory "providers" of keycloak-examples
distribution. We may also have some quickstarts...)
Marek
On 24/01/18 11:22, lists wrote:
> Hi,
>
> We would like to also prevent passwords *containing* the username, to
> also prevent passwords like Username_1980
>
> The regular password policy "Not Username" only matches exact
> "username", rather than anything containing the username.
>
> Would it be possible to create a regex password policy to match a
> password *containing* the username? But I don't think this is possible..?
>
> Or perhaps I could file a feature request to change the current policy
> into "Not containing username"?
>
> MJ
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
More information about the keycloak-user
mailing list