11:22 a.m.
Hi,
We would like to also prevent passwords *containing* the username, to
also prevent passwords like Username_1980
The regular password policy "Not Username" only matches exact
"username", rather than anything containing the username.
Would it be possible to create a regex password policy to match a
password *containing* the username? But I don't think this is possible..?
Or perhaps I could file a feature request to change the current policy
into "Not containing username"?
MJ
3:01 p.m.
Yes, you can. You can also create your own password policy like that, as
PasswordPolicy is puggable SPI. See our documentation (Server Developer
Guide) and example providers (Directory "providers" of keycloak-examples
distribution. We may also have some quickstarts...)
Marek
On 24/01/18 11:22, lists wrote:
Hi,
We would like to also prevent passwords *containing* the username, to
also prevent passwords like Username_1980
The regular password policy "Not Username" only matches exact
"username", rather than anything containing the username.
Would it be possible to create a regex password policy to match a
password *containing* the username? But I don't think this is possible..?
Or perhaps I could file a feature request to change the current policy
into "Not containing username"?
MJ
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
2556
days inactive
2557
days old
1 comments
2 participants
participants (2)
-
lists -
Marek Posolda