Re: [keycloak-dev] [KEYCLOAK-4052] implementation
+1 for the config option. Maybe should be disabled by default for
backwards compatibility?
Will be cool if also implementors of custom UserStorage have an easy way
to specify whether they want to use Keycloak password policies or not
(maybe it's available already, I am not 100 % sure).
Marek
On 15/09/17 09:11, Stian Thorgersen wrote:
* There needs to be a config option whether or not the password
policy
should be considered or not
* Before trying the password policy you need to check if the credential
being update is indeed a password and not a different type
* Tests need to be added (update password success, update password rejected
due to policy, with/without config password policy check on, updating
different types of credentials doesn't break, etc.)
On 15 September 2017 at 08:36, Cédric Couralet <cedric.couralet(a)gmail.com>
wrote:
> Hi,
>
> This place is surely better than a comment in JIRA. I really need this
> issue to be resolved. I tried a fistr patch quickly, which was
> rejected[1], but is it possible to verify the credential type befoer
> the password policy check in UserCredentialStoreManager.java or is it
> the wrong direction?
>
> [1]: https://github.com/keycloak/keycloak/pull/4364/files
>
>
> Regards,
>
> --
>
> Cédric Couralet
>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev