[keycloak-user] Password policy update automatic trigger
Wim Vandenhaute
wim.vandenhaute at gmail.com
Wed Mar 13 08:59:46 EDT 2019
Hello list,
In the documentation, it is stated that @
https://www.keycloak.org/docs/latest/server_admin/index.html#_password-policies
"If the password policy is updated, an Update Password action must be set
for every user. An automatic trigger is scheduled as a future enhancement."
I was wondering if there is any schedule of such a feature in the pipeline?
Related to that, might there be an enhancment in the pipeline to force a
keycloak user to update his password when his current credential violates
the policy?
This if no automatic trigger was done when the password policy was updated.
I realize this can be easily added via a custom user storage provider
implementing the CredentialInputValidator SPI by adding something like
private boolean isValidKeycloakPassword(String username, String password) {
PasswordPolicyManagerProvider provider =
keycloakSession.getProvider(PasswordPolicyManagerProvider.class);
return provider.validate(username, password) == null;
}
But might this not be a valid, possibly configurable, option?
More information about the keycloak-user
mailing list