<div dir="ltr">A password policy per-app makes no sense in a SSO solution. However, step up authentication does. For example one app requires user to be logged-in with password only, while another requires otp as well. We're planning to add the latter at some point.</div><div class="gmail_extra"><br><div class="gmail_quote">On 11 April 2016 at 19:53, Guus der Kinderen <span dir="ltr"><<a href="mailto:guus.der.kinderen@gmail.com" target="_blank">guus.der.kinderen@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">I don't know the answer, but: would it be valid to have a SSO solution in the first place, when the applications have conflicting password policies?<div><br></div><div>APP-A: You can't log in like that! I don't trust you, go away!</div><div>APP-B: Sure, come on in!</div><div>APP-A: Ah, I see you're a perfectly trusted user now!<br><div><br></div><div> - Guus</div></div></div><div class="gmail_extra"><br><div class="gmail_quote"><div><div class="h5">On 11 April 2016 at 19:37, Richard Lavallee <span dir="ltr"><<a href="mailto:rllavallee@hotmail.com" target="_blank">rllavallee@hotmail.com</a>></span> wrote:<br></div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div class="h5">
<div><div dir="ltr"><div><br><div dir="ltr">Does anyone know the answer to this?<div><br></div><div><span style="color:rgb(44,45,48);font-family:Slack-Lato,appleLogo,sans-serif;font-size:15px;line-height:22px;background-color:rgb(249,249,249)">A keycloak admin may want to enforce a specific password policy for one APP but a different (and conflicting) password policy for another APP. </span></div><div><span style="color:rgb(44,45,48);font-family:Slack-Lato,appleLogo,sans-serif;font-size:15px;line-height:22px;background-color:rgb(249,249,249)"><br></span></div><div><span style="color:rgb(44,45,48);font-family:Slack-Lato,appleLogo,sans-serif;font-size:15px;line-height:22px;background-color:rgb(249,249,249)">E.g. first policy requires one special character whereas second policy prohibits any special character. Is this supportable in Keycloak? I am thinking that two realms could be defined to do this but wouldn't that defeat single-sign-on across the realms? Any thoughts?</span></div><span><font color="#888888"><div><br></div><div>-Richard</div><div><br></div><div><br></div><div><br></div> </font></span></div></div> </div></div>
<br></div></div>_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br></blockquote></div><br></div>
<br>_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br></blockquote></div><br></div>