[keycloak-user] keycloak password policy and ldap
Sebastian Perkins - Hoist Group - Switzerland
sebastian.perkins at hoistgroup.com
Sat May 12 09:46:16 EDT 2018
Hello,
We have integrated Keycloak 3.2 with our LDAP backend via 4 federations (different filters to extract users).
Our next goal is to use Keycloak as a central password reset: this also works fine.
The next step is to enforce policy in Keycloak and not use the LDAP one. For this, we have created a simple policy (6 chars minimum).
2 of the federations are blocked by this (if we add a non-compliant password) but not the 2 others: they seem to ignore the policy, which I don't really understand as the system should store all the policy info locally.
As the passwords get updated, the federations are correctly set up (ldapsearch checked).
I even tried to force a password reset to a user as described in the docs after a policy change, but it still gets through.
Am I missing some configuration?
Thanks for the help and guidance!
Sebastian