JIRA issue for common password check: https://issues.jboss.org/browse/KEYCLOAK-2822

On 14 April 2016 at 08:08, Stian Thorgersen <sthorger@redhat.com> wrote:


On 13 April 2016 at 21:48, Richard Lavallee <rllavallee@hotmail.com> wrote:
I appreciate your patience, Stian,
is the below list also supported by Keycloak?

Do you want to enable password aging?

Yes
 
Select the number of days before password must be changed.

Yes
 
Do you want to enable session timeouts?

Yes
 
Enforce password complexity rules

Depends what the rules are ;)
 
Minimum password length

Yes
 
Block reuse of how many recent passwords

Yes
 
Block change of new passwords for how many days?

No, you can create a JIRA for this one though
 
Force change of new account passwords on first login?

Yes
 
Select amount of time before session will be terminated.

Yes
 
Do you want to check for common passwords?

No, we really should have this one. JIRA please
 
Inactivate user after how many days of inactivity?

Yes
 
Number of failed login attempts to allow before temporary lockout

Yes
 
Number of minutes to block user after failed login attempts

Yes
 



Date: Wed, 13 Apr 2016 20:47:37 +0200

Subject: RE: [keycloak-user] Question re Keycloak password / session policies
From: sthorger@redhat.com
To: rllavallee@hotmail.com
CC: stian@redhat.com; keycloak-user@lists.jboss.org

Nope, that one is not there. You can add a jira request for it.

On 13 Apr 2016 20:46, "Richard Lavallee" <rllavallee@hotmail.com> wrote:
Is the below policy supported in Keycloak? If not, can it be done in some custom way?

You are only allowed to change your password every 30 days


Date: Wed, 13 Apr 2016 20:42:20 +0200
Subject: RE: [keycloak-user] Question re Keycloak password / session policies
From: sthorger@redhat.com
To: rllavallee@hotmail.com
CC: stian@redhat.com; keycloak-user@lists.jboss.org

Sure, but it would be a rather lengthy one.

On 13 Apr 2016 17:18, "Richard Lavallee" <rllavallee@hotmail.com> wrote:
Thanks.  But even for repetitive letters such as "aaaa"
I could still devise a regex such as "xx" | "xX" | "Xx" | "XX", yes?


Date: Wed, 13 Apr 2016 06:47:09 +0200
Subject: Re: [keycloak-user] Question re Keycloak password / session policies
From: sthorger@redhat.com
To: rllavallee@hotmail.com
CC: keycloak-user@lists.jboss.org

That'd do it. I got confused and thought you didn't want repetitive letters.

On 12 April 2016 at 19:32, Richard Lavallee <rllavallee@hotmail.com> wrote:
  • Password should not have consecutive letters
Maybe, if you can come up with a way to write that as regex (probably not though). We'll add ability to create custom password policies in the future though. 

Wouldn't the below suffice for regex? Thus avoiding needing custom work for the short term?

// Adjacent letter pairs in alphabetical order, then the same pairs reversed.
var forward  = "ab|bc|cd|de|ef|fg|gh|hi|ij|jk|kl|lm|mn|no|op|pq|qr|rs|st|tu|uv|vw|wx|xy|yz",
    backward = "zy|yx|xw|wv|vu|ut|ts|sr|rq|qp|po|on|nm|ml|lk|kj|ji|ih|hg|gf|fe|ed|dc|cb|ba",
    // Matches one or more sequential pairs anywhere in the password.
    regex    = "(" + forward + "|" + backward + ")+";
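The sequential-letter pattern above and the repeated-letter idea from the reply, as an added JavaScript example that is not part of the thread: it builds both checks and also shows the negative-lookahead form needed when the pattern is used in a must-match policy such as Keycloak's regexPattern, which accepts only passwords that match. The sample passwords are constructed.

```javascript
// Added example: sequential-letter and repeated-letter checks as regular expressions.
const ALPHABET = "abcdefghijklmnopqrstuvwxyz";

// Every adjacent pair in alphabetical order ("ab", "bc", ...) plus each pair reversed ("ba", "cb", ...).
function sequentialPairs() {
  const forward = [];
  for (let i = 0; i < ALPHABET.length - 1; i++) {
    forward.push(ALPHABET[i] + ALPHABET[i + 1]);
  }
  const backward = forward.map((p) => p[1] + p[0]);
  return forward.concat(backward);
}

// "Reject if it matches" form, as in the thread: any sequential pair, case-insensitive.
const SEQUENTIAL_RE = new RegExp("(" + sequentialPairs().join("|") + ")", "i");

// Same letter twice in a row regardless of case ("aa", "aA", "Aa", "AA"):
// the i flag makes the backreference compare case-insensitively.
const REPEATED_RE = /([a-z])\1/i;

// Must-match form for a policy that requires the password to match the pattern:
// a negative lookahead over the whole string rejects any sequential pair.
const NO_SEQUENTIAL_RE = new RegExp("^(?!.*(" + sequentialPairs().join("|") + ")).*$", "i");

function hasSequentialLetters(password) {
  return SEQUENTIAL_RE.test(password);
}

function hasRepeatedLetters(password) {
  return REPEATED_RE.test(password);
}

function passesMustMatchPolicy(password) {
  return NO_SEQUENTIAL_RE.test(password);
}

// Constructed sample passwords, not real credentials.
const samples = ["abc123", "Dcba42", "P@ssword", "Tr1cky!"];
for (const p of samples) {
  console.log(p, "sequential:", hasSequentialLetters(p),
              "repeated:", hasRepeatedLetters(p),
              "must-match ok:", passesMustMatchPolicy(p));
}
```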



Date: Tue, 12 Apr 2016 06:37:41 +0200
Subject: Re: [keycloak-user] Question re Keycloak password / session policies
From: sthorger@redhat.com
To: rllavallee@hotmail.com
CC: keycloak-user@lists.jboss.org




On 11 April 2016 at 20:49, Richard Lavallee <rllavallee@hotmail.com> wrote:
Does Keycloak support the following requirements?

Password:
  • Password should be changed in every 60 days (configurable)
Yes 
  • If user enters password wrong three times account is locked out for 15 min (configurable)
Yes 
  • Password chosen should not be previous 24 passwords
Yes 
  • Password should have a letter and a number
Yes 
  • Password should not have consecutive letters
Maybe, if you can come up with a way to write that as regex (probably not though). We'll add ability to create custom password policies in the future though.

Inactivity:
  • Application session inactivity - default is 45 minutes (can be configured)
Yes, you can configure idle timeout for a session. Idle for a session is if there are no app logins or token refreshes.
  • Account inactivity - account inactivity is 30 days default (configurable)
Yes 

-Richard




_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user