<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 12pt;
font-family:Calibri
}
--></style></head>
<body class='hmmessage'><div dir='ltr'><blockquote class="ecxgmail_quote" style="border-left-width: 1px; border-left-color: rgb(204, 204, 204); border-left-style: solid; padding-left: 1ex;"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div style="color: rgb(34, 34, 34); font-family: arial, sans-serif; font-size: 12.8px; background-color: rgb(255, 255, 255);"><ul><li style="color: rgb(11, 83, 148);"><span style="color: rgb(34, 34, 34); font-size: 12.8px;">Password should not have consecutive letters</span></li></ul></div></div></div></div></blockquote><div><span style="font-size: 12pt;">Maybe, if you can come up with a way to write that as regex (probably not though). We'll add ability to create custom password policies in the future though.</span> </div><div><br></div><div>Wouldn't the below suffice for regex? Thus avoiding needing custom work for the short-term?</div><div><br></div><div>forward = "ab|bc|cd|de|ef|fg|gh|hi|ij|jk|kl|lm|mn|no|op|pq|qr|rs|st|tu|uv|vw|wx|xy|yz",</div><div> backward = "zy|yx|xw|wv|vu|ut|ts|sr|rq|qp|po|on|nm|ml|lk|kj|ji|ih|hg|gf|fe|ed|dc|cb|ba",</div><div> regex = "(" + forward + "|" + backward + ")+"; </div><div><br></div><br><div><hr id="stopSpelling">Date: Tue, 12 Apr 2016 06:37:41 +0200<br>Subject: Re: [keycloak-user] Question re Keycloak password / session ploicies<br>From: sthorger@redhat.com<br>To: rllavallee@hotmail.com<br>CC: keycloak-user@lists.jboss.org<br><br><div dir="ltr"><br><div class="ecxgmail_extra"><br><div class="ecxgmail_quote">On 11 April 2016 at 20:49, Richard Lavallee <span dir="ltr"><<a href="mailto:rllavallee@hotmail.com" target="_blank">rllavallee@hotmail.com</a>></span> wrote:<br><blockquote class="ecxgmail_quote" style="border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex;">
<div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr">Does Keycloak support the following requirements?</div><div dir="ltr"><br></div><div dir="ltr"><div style="font-family:arial,sans-serif;font-size:12.8px;color:rgb(11,83,148);background-color:rgb(255,255,255);"><b>Password:</b></div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;background-color:rgb(255,255,255);"><ul><li style="color:rgb(11,83,148);"><span style="color:rgb(34,34,34);font-size:12.8px;">Password should be changed in every 60 days (configurable)</span></li></ul></div></div></div></div></div></div></div></blockquote><div>Yes </div><blockquote class="ecxgmail_quote" style="border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex;"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;background-color:rgb(255,255,255);"><ul><li style="color:rgb(11,83,148);"><span style="color:rgb(34,34,34);font-size:12.8px;">If user enters password wrong three times account is locked out for 15 min (configurable)</span></li></ul></div></div></div></div></div></div></div></blockquote><div>Yes </div><blockquote class="ecxgmail_quote" style="border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex;"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;background-color:rgb(255,255,255);"><ul><li style=""><span style="font-size:12.8px;">Password chosen should not be previous 24 passwords</span></li></ul></div></div></div></div></div></div></div></blockquote><div>Yes </div><blockquote class="ecxgmail_quote" style="border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex;"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;background-color:rgb(255,255,255);"><ul><li style=""><span style="font-size:12.8px;">Password should have a letter and a number</span></li></ul></div></div></div></div></div></div></div></blockquote><div>Yes </div><blockquote class="ecxgmail_quote" style="border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex;"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;background-color:rgb(255,255,255);"><ul><li style="color:rgb(11,83,148);"><span style="color:rgb(34,34,34);font-size:12.8px;">Password should not have consecutive letters</span></li></ul></div></div></div></div></div></div></div></blockquote><div>Maybe, if you can come up with a way to write that as regex (probably not though). We'll add ability to create custom password policies in the future though.</div><blockquote class="ecxgmail_quote" style="border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex;"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;background-color:rgb(255,255,255);"><ul><li style="color:rgb(11,83,148);"><br></li></ul></div><div style="font-family:arial,sans-serif;font-size:12.8px;color:rgb(11,83,148);background-color:rgb(255,255,255);"><b>Inactivity:</b></div><div style="font-family:arial,sans-serif;font-size:12.8px;color:rgb(11,83,148);background-color:rgb(255,255,255);"><ul><li style=""><span style="color:rgb(34,34,34);font-size:12.8px;">Application session inactivity - default is 45 minutes (can be configured)</span></li></ul></div></div></div></div></div></div></div></blockquote><div>Yes, you can configure idle timeout for a session. Idle for a session is if there are no app logins or token refreshes </div><blockquote class="ecxgmail_quote" style="border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex;"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div style="font-family:arial,sans-serif;font-size:12.8px;color:rgb(11,83,148);background-color:rgb(255,255,255);"><ul><li style=""><span style="color:rgb(34,34,34);font-size:12.8px;">Account inactivity - account inactivity is 30 days default (configurable)</span></li></ul></div></div></div></div></div></div></div></blockquote><div>Yes </div><blockquote class="ecxgmail_quote" style="border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex;"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><span><font color="#888888"><div><br></div><div>-Richard</div><div><br></div><div><br></div><div><br></div> </font></span></div></div> </div></div> </div></div>
<br>_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br></blockquote></div><br></div></div></div> </div></body>
</html>