<div dir="ltr">Ah, we were missing something so not a bug. It may be that Keycloak itoo old on that install. It's 1.4.0.final.<div><br></div><div>I've also looked in 1.7.0.final as well and can't see where to turn service accounts on.</div></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div dir="ltr"><div><br></div><div><div style="color:rgb(0,0,0);font-size:12.8px"><div><font face="verdana, sans-serif"><b>Kevin Thorpe</b></font></div><div style="font-family:'Times New Roman'">VP Enterprise Platform</div><div style="font-family:'Times New Roman'"><img src="http://i.imgur.com/8UeC1YO.png" width="96" height="96"><br></div><div style="font-family:'Times New Roman'"><a href="http://www.p-i.net/" style="color:rgb(17,85,204);line-height:18.6311px" target="_blank">www.p-i.net</a> | <a href="https://twitter.com/@PI_150" style="color:rgb(17,85,204);line-height:18.6311px" target="_blank">@PI_150</a></div><br><b style="font-family:'Times New Roman'">T: <a href="tel:%2B44%20%280%2920%203005%206750" value="+442030056750" style="color:rgb(17,85,204)" target="_blank">+44 (0)20 3005 6750</a> | F: <a href="tel:%2B44%280%2920%207730%202635" value="+442077302635" style="color:rgb(17,85,204)" target="_blank">+44(0)20 7730 2635</a> | T: <a href="tel:%2B44%20%280%29808%20204%200344" value="+448082040344" style="color:rgb(17,85,204)" target="_blank">+44 (0)808 204 0344</a> </b><br><b style="font-family:'Times New Roman'"><font color="#515151">150 Buckingham Palace Road, London, SW1W 9TR, UK</font></b><font face="Times New Roman"> </font><br><br><div style="font-family:'Times New Roman'"><a><img src="https://clients.p-i.net/documents/11003/1116416/BSI-UKAS.logo_150.png" height="40px"></a> <a><img src="https://clients.p-i.net/documents/11003/1116416/ISO27001.logo_150.png" height="40px"></a> <a><img src="https://clients.p-i.net/documents/11003/1116416/QMS.logo_150.png" height="40px"></a> <a><img src="https://clients.p-i.net/documents/11003/1116416/pci.logo_150.png" height="40px"></a></div></div><div style="color:rgb(0,0,0);font-family:'Times New Roman';font-size:medium"><br><b><span style="color:rgb(106,168,79)">SAVE PAPER - THINK BEFORE YOU PRINT!</span></b><p><font size="1">____________________________________________________________________</font></p><p style="color:rgb(34,34,34)"><font size="1">This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited.</font></p></div></div></div></div></div></div></div></div>
<br><div class="gmail_quote">On 9 May 2016 at 14:51, Marek Posolda <span dir="ltr"><<a href="mailto:mposolda@redhat.com" target="_blank">mposolda@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div>If I understand correctly, you
configured password policy "ForceExpiredPasswordChange" in
Keycloak and after that period, you are seeing that keycloak
requires changing password from serviceAccount user? This looks
like a bug, serviceAccount users shouldn't be subject to password
policy. Not even sure how is that possible...<br>
<br>
Feel free to create JIRA for this. Ideally with describing a bit
more details (how you configured passwordPolicy, how you use
serviceAccount, at which stage you see an issue, stacktrace (if
present) etc. Thanks!<br>
Marek<div><div class="h5"><br>
<br>
On 09/05/16 15:13, Kevin Thorpe wrote:<br>
</div></div></div>
<blockquote type="cite"><div><div class="h5">
<div dir="ltr">Hi, we've just hit an issue where Keycloak was
requiring a password change on a service account. We have
addressed this by changing the password and also on the client
service. We do though need to handle this before it all falls
over as we missed a reporting run last night and breached our
SLA with our client.
<div><br>
</div>
<div>What would be best practice for this? I'm thinking best to
enforce rollover but we need a report on which service
passwords are going to require reset. Is there any way to do
that?<br clear="all">
<div>
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div dir="ltr">
<div><br>
</div>
<div>
<div style="color:rgb(0,0,0);font-size:12.8px">
<div><font face="verdana, sans-serif"><b>Kevin
Thorpe</b></font></div>
<div style="font-family:'Times New Roman'">VP
Enterprise Platform</div>
<div style="font-family:'Times New Roman'"><img src="http://i.imgur.com/8UeC1YO.png" height="96" width="96"><br>
</div>
<div style="font-family:'Times New Roman'"><a href="http://www.p-i.net/" style="color:rgb(17,85,204);line-height:18.6311px" target="_blank"></a><a href="http://www.p-i.net" target="_blank">www.p-i.net</a> | <a href="https://twitter.com/@PI_150" style="color:rgb(17,85,204);line-height:18.6311px" target="_blank">@PI_150</a></div>
<br>
<b style="font-family:'Times New Roman'">T: <a href="tel:%2B44%20%280%2920%203005%206750" value="+442030056750" style="color:rgb(17,85,204)" target="_blank">+44 (0)20 3005 6750</a> |
F: <a href="tel:%2B44%280%2920%207730%202635" value="+442077302635" style="color:rgb(17,85,204)" target="_blank">+44(0)20 7730 2635</a> |
T: <a href="tel:%2B44%20%280%29808%20204%200344" value="+448082040344" style="color:rgb(17,85,204)" target="_blank">+44 (0)808 204 0344</a> </b><br>
<b style="font-family:'Times New Roman'"><font color="#515151">150 Buckingham Palace
Road, London, SW1W 9TR, UK</font></b><font face="Times New Roman"> </font><br>
<br>
<div style="font-family:'Times New Roman'"><a><img src="https://clients.p-i.net/documents/11003/1116416/BSI-UKAS.logo_150.png" height="40px"></a> <a><img src="https://clients.p-i.net/documents/11003/1116416/ISO27001.logo_150.png" height="40px"></a> <a><img src="https://clients.p-i.net/documents/11003/1116416/QMS.logo_150.png" height="40px"></a> <a><img src="https://clients.p-i.net/documents/11003/1116416/pci.logo_150.png" height="40px"></a></div>
</div>
<div><br>
<b><span style="color:rgb(106,168,79)">SAVE
PAPER - THINK BEFORE YOU PRINT!</span></b>
<p><font size="1">____________________________________________________________________</font></p>
<p style="color:rgb(34,34,34)"><font size="1">This
email and any files transmitted with it
are confidential and intended solely for
the use of the individual or entity to
whom they are addressed. If you have
received this email in error please notify
the system manager. This message contains
confidential information and is intended
only for the individual named. If you are
not the named addressee you should not
disseminate, distribute or copy this
e-mail. Please notify the sender
immediately by e-mail if you have received
this e-mail by mistake and delete this
e-mail from your system. If you are not
the intended recipient you are notified
that disclosing, copying, distributing or
taking any action in reliance on the
contents of this information is strictly
prohibited.</font></p>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
<fieldset></fieldset>
<br>
</div></div><pre>_______________________________________________
keycloak-user mailing list
<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></pre>
</blockquote>
<br>
</div>
</blockquote></div><br></div>