Our realms are isolated from one another so I wouldn't recommend having
2 realms if at all possible.
We don't have per client password policies. We do have "service
accounts" now. A service account belongs to a client. A client can use
this to interact with the admin console or other services.
On 10/14/2015 11:09 AM, Sebastian Olscher wrote:
Hi guys,
is there any way to configure different password policies for different
kind of users in one realm?
We're dealing with the following use case: Two different types of users:
one represents human users, who are able to log in via a login page. The
second represents other applications which do a system to system
communication without login via a login page. For human users we want
to specify the policy that they have to change their password at least
every 90 days. Users which were used for other applications (machine to
machine communication) were not able to change their password. So we
want to define this policy only for human users.
I can't find a possibility to distinguish between user types, so our
idea was to use two separated realms. I can add user from type A to
Realm 1 and user from type B to Realm 2 and with that, I'm able to
configure different password policies for both groups. But at the end if
both user types have access to the same client, I have to configure the
same client with all its roles in both realms identically to add roles
of this client to users within this realm.
What would be your recommendation to fulfil the requirement described in
the use case?
Thanks for your help,
Sebastian
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com