<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">If I understand correctly, you
configured password policy "ForceExpiredPasswordChange" in
Keycloak and after that period, you are seeing that keycloak
requires changing password from serviceAccount user? This looks
like a bug, serviceAccount users shouldn't be subject to password
policy. Not even sure how is that possible...<br>
<br>
Feel free to create JIRA for this. Ideally with describing a bit
more details (how you configured passwordPolicy, how you use
serviceAccount, at which stage you see an issue, stacktrace (if
present) etc. Thanks!<br>
Marek<br>
<br>
On 09/05/16 15:13, Kevin Thorpe wrote:<br>
</div>
<blockquote
cite="mid:CAFMa6BbK+WDHsepcPy72y6HxaR7KAsff+O4mab_76bxqvdWQiw@mail.gmail.com"
type="cite">
<div dir="ltr">Hi, we've just hit an issue where Keycloak was
requiring a password change on a service account. We have
addressed this by changing the password and also on the client
service. We do though need to handle this before it all falls
over as we missed a reporting run last night and breached our
SLA with our client.
<div><br>
</div>
<div>What would be best practice for this? I'm thinking best to
enforce rollover but we need a report on which service
passwords are going to require reset. Is there any way to do
that?<br clear="all">
<div>
<div class="gmail_signature">
<div dir="ltr">
<div>
<div dir="ltr">
<div dir="ltr">
<div><br>
</div>
<div>
<div style="color:rgb(0,0,0);font-size:12.8px">
<div><font face="verdana, sans-serif"><b>Kevin
Thorpe</b></font></div>
<div style="font-family:'Times New Roman'">VP
Enterprise Platform</div>
<div style="font-family:'Times New Roman'"><img
moz-do-not-send="true"
src="http://i.imgur.com/8UeC1YO.png"
height="96" width="96"><br>
</div>
<div style="font-family:'Times New Roman'"><a
moz-do-not-send="true"
href="http://www.p-i.net/"
style="color:rgb(17,85,204);line-height:18.6311px"
target="_blank"><a class="moz-txt-link-abbreviated" href="http://www.p-i.net">www.p-i.net</a></a> | <a
moz-do-not-send="true"
href="https://twitter.com/@PI_150"
style="color:rgb(17,85,204);line-height:18.6311px"
target="_blank">@PI_150</a></div>
<br>
<b style="font-family:'Times New Roman'">T: <a
moz-do-not-send="true"
href="tel:%2B44%20%280%2920%203005%206750"
value="+442030056750"
style="color:rgb(17,85,204)"
target="_blank">+44 (0)20 3005 6750</a> |
F: <a moz-do-not-send="true"
href="tel:%2B44%280%2920%207730%202635"
value="+442077302635"
style="color:rgb(17,85,204)"
target="_blank">+44(0)20 7730 2635</a> |
T: <a moz-do-not-send="true"
href="tel:%2B44%20%280%29808%20204%200344"
value="+448082040344"
style="color:rgb(17,85,204)"
target="_blank">+44 (0)808 204 0344</a> </b><br>
<b style="font-family:'Times New Roman'"><font
color="#515151">150 Buckingham Palace
Road, London, SW1W 9TR, UK</font></b><font
face="Times New Roman"> </font><br>
<br>
<div style="font-family:'Times New Roman'"><a
moz-do-not-send="true"><img
moz-do-not-send="true"
src="https://clients.p-i.net/documents/11003/1116416/BSI-UKAS.logo_150.png"
height="40px"></a> <a
moz-do-not-send="true"><img
moz-do-not-send="true"
src="https://clients.p-i.net/documents/11003/1116416/ISO27001.logo_150.png"
height="40px"></a> <a
moz-do-not-send="true"><img
moz-do-not-send="true"
src="https://clients.p-i.net/documents/11003/1116416/QMS.logo_150.png"
height="40px"></a> <a
moz-do-not-send="true"><img
moz-do-not-send="true"
src="https://clients.p-i.net/documents/11003/1116416/pci.logo_150.png"
height="40px"></a></div>
</div>
<div style="color:rgb(0,0,0);font-family:'Times
New Roman';font-size:medium"><br>
<b><span style="color:rgb(106,168,79)">SAVE
PAPER - THINK BEFORE YOU PRINT!</span></b>
<p><font size="1">____________________________________________________________________</font></p>
<p style="color:rgb(34,34,34)"><font size="1">This
email and any files transmitted with it
are confidential and intended solely for
the use of the individual or entity to
whom they are addressed. If you have
received this email in error please notify
the system manager. This message contains
confidential information and is intended
only for the individual named. If you are
not the named addressee you should not
disseminate, distribute or copy this
e-mail. Please notify the sender
immediately by e-mail if you have received
this e-mail by mistake and delete this
e-mail from your system. If you are not
the intended recipient you are notified
that disclosing, copying, distributing or
taking any action in reliance on the
contents of this information is strictly
prohibited.</font></p>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
keycloak-user mailing list
<a class="moz-txt-link-abbreviated" href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a>
<a class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/keycloak-user">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></pre>
</blockquote>
<br>
</body>
</html>