7:38 a.m.
Hi,
I noticed that password expiry wasn’t working with LDAP. Initially I thought this was
another mapping issue, expecting to need to support a passwordSetAt timestamp or
something, however when I dug into the code I found
ForceExpiredPasswordPolicyProviderFactory had the following:
@Override
public PolicyError validate(RealmModel realm, UserModel user, String password) {
return null;
}
@Override
public PolicyError validate(String user, String password) {
return null;
}
This appears to mean it’s not implemented. Is this the case? Am I looking in the wrong
place?
—
Dan Hardiker | Adaptavist
dhardiker(a)adaptavist.com
Winners of the Atlassian President's Award for Technical Excellence -
http://bit.ly/techexc <http://bit.ly/techexc>
Adaptavist <http://adaptavist.com/>;, Waterside, Unit 2, 44-48 Wharf Road, London, N1
7UX, United Kingdom.
Registered in England and Wales #5456785.
9:13 a.m.
I don't know the exact code, but I suspect
ForceExpiredPasswordPolicyProviderFactory is just there to make it possible
to configure. PasswordPolicy providers in general take action when a
password is updated, not when it's used. As such there is probably
something else that is checking the password is not expired, probably
something hardcoded in the authenticator.
On Thu, 7 Mar 2019 at 14:49, Dan Hardiker <dhardiker(a)adaptavist.com> wrote:
Hi,
I noticed that password expiry wasn’t working with LDAP. Initially I
thought this was another mapping issue, expecting to need to support a
passwordSetAt timestamp or something, however when I dug into the code I
found ForceExpiredPasswordPolicyProviderFactory had the following:
@Override
public PolicyError validate(RealmModel realm, UserModel user, String
password) {
return null;
}
@Override
public PolicyError validate(String user, String password) {
return null;
}
This appears to mean it’s not implemented. Is this the case? Am I looking
in the wrong place?
—
Dan Hardiker | Adaptavist
dhardiker(a)adaptavist.com
Winners of the Atlassian President's Award for Technical Excellence -
http://bit.ly/techexc <http://bit.ly/techexc>
Adaptavist <http://adaptavist.com/>;, Waterside, Unit 2, 44-48 Wharf Road,
London, N1 7UX, United Kingdom.
Registered in England and Wales #5456785.
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev
2139
days inactive
2139
days old
1 comments
2 participants
participants (2)
-
Dan Hardiker -
Stian Thorgersen