Re: [keycloak-user] Question re Keycloak password / session ploicies

Thanks. But even for repetitive letters such as "aaaa" I could still devise a regex such as "xx" | "xX" | "Xx" | "XX", yes? ------------------------------ Date: Wed, 13 Apr 2016 06:47:09 +0200 Subject: Re: [keycloak-user] Question re Keycloak password / session ploicies From: sthorger(a)redhat.com To: rllavallee(a)hotmail.com CC: keycloak-user(a)lists.jboss.org That'd do it. I got confused and thought you didn't want to repetitive letters. On 12 April 2016 at 19:32, Richard Lavallee <rllavallee(a)hotmail.com&gt; wrote: - Password should not have consecutive letters Maybe, if you can come up with a way to write that as regex (probably not though). We'll add ability to create custom password policies in the future though. Wouldn't the below suffice for regex? Thus avoiding needing custom work for the short-term? forward = "ab|bc|cd|de|ef|fg|gh|hi|ij|jk|kl|lm|mn|no|op|pq|qr|rs|st|tu|uv|vw|wx|xy|yz", backward = "zy|yx|xw|wv|vu|ut|ts|sr|rq|qp|po|on|nm|ml|lk|kj|ji|ih|hg|gf|fe|ed|dc|cb|ba", regex = "(" + forward + "|" + backward + ")+"; ------------------------------ Date: Tue, 12 Apr 2016 06:37:41 +0200 Subject: Re: [keycloak-user] Question re Keycloak password / session ploicies From: sthorger(a)redhat.com To: rllavallee(a)hotmail.com CC: keycloak-user(a)lists.jboss.org On 11 April 2016 at 20:49, Richard Lavallee <rllavallee(a)hotmail.com&gt; wrote: Does Keycloak support the following requirements? *Password:* - Password should be changed in every 60 days (configurable) Yes - If user enters password wrong three times account is locked out for 15 min (configurable) Yes - Password chosen should not be previous 24 passwords Yes - Password should have a letter and a number Yes - Password should not have consecutive letters Maybe, if you can come up with a way to write that as regex (probably not though). We'll add ability to create custom password policies in the future though. - *Inactivity:* - Application session inactivity - default is 45 minutes (can be configured) Yes, you can configure idle timeout for a session. Idle for a session is if there are no app logins or token refreshes - Account inactivity - account inactivity is 30 days default (configurable) Yes -Richard _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user