AFAIK 4 can be done through BruteForce protector. See the admin console
brute force settings (It's in different place then password policies).
For 1,2,3 you would need to implement custom password policies.
PasswordPolicy is an SPI, so you can add new providers to existing ones.
See our documentation for SPI and providers and also the
keycloak-examples distribution and especially the directory "providers".
Marek
On 01/09/17 15:26, Krishna Kuntala wrote:
We have following requirements w.r.t. password policies. I am not
sure
whether we would be able to add custom password policies. If yes, how to
define custom policies?
1. Password max length should be 16
2. Only allow 2 repeating characters
3. Satisfy 3 out of 4 password criterias mentioned in
"Authentication->Password Policy"
4. Lock account for 1 hour after 3 failed login attempts
Please let me know whether these requirements can be configured from the UI
or do I need to implement some code to achieve this?
Thanks and Regards,
Krishna Kuntala
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user