This comes up fairly often and we are planning to do something about
it. I suggest that you add your feedback here and vote up the JIRA:
https://issues.jboss.org/browse/KEYCLOAK-7284
Stan
On 12/7/2018 5:44 AM, Guilhem Lucas wrote:
Hello,
Currently, a user choosing a password that violates password policies is
notified for the first failing policy only. The user needs several attempts
to find a valid password by discovering password policies one by one.
I think that this is a bad user experience that could be enhanced by one of
the following improvements.
1 - Display password policies in update password form
Account and login Freemarker template provider could be modified to add a
"policies" attribute in template context. This could be done by completing
the RealmBean object with a passwordPolicies property that contains the
list of enabled password policies.
This new property could then be used in templates to display password
requirements.
For example:
Your password must:
- contain at least one symbol
- contain at least one lower case character
- have 8 characters minimum
- not be equal to any of the last 3 passwords
2 - Report all failing policies
Templates are already designed to display a list of errors. Instead of stopping
password validation on the first policy error, it could be possible to continue
validating other policies and return a list of errors. This list can be
added to the template using the existing LoginFormsProvider#setErrors()
method.
Do you plan to add such an improvement in a future release?
Thank you.
Guilhem Lucas
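
The two proposals in the message above, sketched as an added example that is not part of the original thread and is not Keycloak code. The `Policy` record, `firstFailure`, `allFailures` and the sample password history are hypothetical names and constructed values; no Keycloak API is used.

```java
import java.util.List;
import java.util.Optional;
import java.util.function.Predicate;

public class PasswordPolicyDemo {
    // Hypothetical policy type: the requirement text shown in the form, plus its check.
    record Policy(String requirement, Predicate<String> check) {}

    // Constructed sample history. Plaintext is used only to keep the demo short;
    // a real history check compares the candidate against stored password hashes.
    static final List<String> LAST_PASSWORDS =
            List.of("Winter2018!", "Autumn2018!", "Summer2018!");

    // The four policies from the example list in the message.
    static final List<Policy> POLICIES = List.of(
            new Policy("contain at least one symbol",
                    p -> p.chars().anyMatch(c -> !Character.isLetterOrDigit(c))),
            new Policy("contain at least one lower case character",
                    p -> p.chars().anyMatch(Character::isLowerCase)),
            new Policy("have 8 characters minimum",
                    p -> p.length() >= 8),
            new Policy("not be equal to any of the last 3 passwords",
                    p -> !LAST_PASSWORDS.contains(p)));

    // Behaviour described as current: stop at the first failing policy.
    static Optional<String> firstFailure(String password) {
        return POLICIES.stream()
                .filter(pol -> !pol.check().test(password))
                .map(Policy::requirement)
                .findFirst();
    }

    // Proposal 2: evaluate every policy and return all failures as one error list.
    static List<String> allFailures(String password) {
        return POLICIES.stream()
                .filter(pol -> !pol.check().test(password))
                .map(Policy::requirement)
                .toList();
    }

    public static void main(String[] args) {
        // Proposal 1: render the enabled policies before the user types anything.
        System.out.println("Your password must:");
        POLICIES.forEach(pol -> System.out.println("- " + pol.requirement()));

        String candidate = "ABC123"; // constructed input that violates three policies
        System.out.println("First failure only: " + firstFailure(candidate).orElse("none"));
        System.out.println("All failures: " + allFailures(candidate));
    }
}
```

With the constructed input, the fail-fast path surfaces one requirement per attempt, while the collecting path returns every unmet requirement in a single response.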