Hi,

Our users are User Acceptance Testing a Keycloak secured website. We have defined strong password rules.

Our users reported:

“Staff have requested some modifications to how password validation is presented to the user. Right now if a user submits a password that does not meet all criteria, such as requiring both an Upper case letter and a number, it will not tell you that both are required, just that and Upper case letter is required. When that is added, THEN it will notify you that a number is also needed.

Staff would like the error message to note all issues with the submitted password, or otherwise note somewhere on the Change Password screen what all the criteria for a proper password are, so the user does not have to guess.”

We could update the template to include all the rules. That is probably the quickest.

Is it possible for Keycloak to return all the unsuccessful rules when it validates a password?

Thanks!

Dave

Dave Everson \| DIVISION OF ENVIRONMENTAL HEALTH MN.IT Services @ mINNESOTA dEPARTMENT OF hEALTH 651-201-5146 (w) \| david.everson@state.mn.us
	Information Technology for Minnesota Government \| mn.gov/oet

Dave Everson | DIVISION OF ENVIRONMENTAL HEALTH

MN.IT Services @ mINNESOTA dEPARTMENT OF hEALTH

651-201-5146 (w) | david.everson@state.mn.us

Information Technology for Minnesota Government | mn.gov/oet