8:26 a.m.
We have following requirements w.r.t. password policies. I am not sure
whether we would be able to add custom password policies. If yes, how to
define custom policies?
1. Password max length should be 16
2. Only allow 2 repeating characters
3. Satisfy 3 out of 4 password criterias mentioned in
"Authentication->Password Policy"
4. Lock account for 1 hour after 3 failed login attempts
Please let me know whether these requirements can be configured from the UI
or do I need to implement some code to achieve this?
Thanks and Regards,
Krishna Kuntala
10:27 a.m.
AFAIK 4 can be done through BruteForce protector. See the admin console
brute force settings (It's in different place then password policies).
For 1,2,3 you would need to implement custom password policies.
PasswordPolicy is an SPI, so you can add new providers to existing ones.
See our documentation for SPI and providers and also the
keycloak-examples distribution and especially the directory "providers".
Marek
On 01/09/17 15:26, Krishna Kuntala wrote:
We have following requirements w.r.t. password policies. I am not
sure
whether we would be able to add custom password policies. If yes, how to
define custom policies?
1. Password max length should be 16
2. Only allow 2 repeating characters
3. Satisfy 3 out of 4 password criterias mentioned in
"Authentication->Password Policy"
4. Lock account for 1 hour after 3 failed login attempts
Please let me know whether these requirements can be configured from the UI
or do I need to implement some code to achieve this?
Thanks and Regards,
Krishna Kuntala
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
5:03 a.m.
Thanks Marek for your inputs.
I have successfully implemented #1, 2 & 4 now. I am not sure how should I
proceed with #3 requirement.
Thanks in advance.
Thanks and Regards,
Krishna Kuntala
Mob: +447550323307
On Mon, Sep 4, 2017 at 4:27 PM, Marek Posolda <mposolda(a)redhat.com> wrote:
AFAIK 4 can be done through BruteForce protector. See the admin
console
brute force settings (It's in different place then password policies).
For 1,2,3 you would need to implement custom password policies.
PasswordPolicy is an SPI, so you can add new providers to existing ones.
See our documentation for SPI and providers and also the keycloak-examples
distribution and especially the directory "providers".
Marek
On 01/09/17 15:26, Krishna Kuntala wrote:
> We have following requirements w.r.t. password policies. I am not sure
> whether we would be able to add custom password policies. If yes, how to
> define custom policies?
>
> 1. Password max length should be 16
> 2. Only allow 2 repeating characters
> 3. Satisfy 3 out of 4 password criterias mentioned in
> "Authentication->Password Policy"
> 4. Lock account for 1 hour after 3 failed login attempts
>
> Please let me know whether these requirements can be configured from the
> UI
> or do I need to implement some code to achieve this?
>
> Thanks and Regards,
> Krishna Kuntala
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
3162
days inactive
3168
days old
2 comments
2 participants
participants (2)
-
Krishna Kuntala -
Marek Posolda