I don't know the answer, but: would it be valid to have a SSO solution in the first place, when the applications have conflicting password policies?

APP-A: You can't log in like that! I don't trust you, go away!

APP-B: Sure, come on in!

APP-A: Ah, I see you're a perfectly trusted user now!

- Guus

On 11 April 2016 at 19:37, Richard Lavallee <rllavallee@hotmail.com> wrote:

Does anyone know the answer to this?

A keycloak admin may want to enforce a specific password policy for one APP but a different (and conflicting) password policy for another APP.

E.g. first policy requires one special character whereas second policy prohibits any special character. Is this supportable in Keycloak? I am thinking that two realms could be defined to do this but wouldn't that defeat single-sign-on across the realms? Any thoughts?

-Richard

_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user