I checked it again and the password policy is enforced :) I accidentally set its value to 1,
so it didn't do anything (maybe a UI warning should be added).
However, when the password reset from the admin API fails due to the policy, I am
getting javax.ws.rs.BadRequestException: HTTP 400 Bad Request, while I was expecting
something like a password history exception.
Any idea how I can notify the user that their password was already used?
Thanks,
Haim.
From: Haim Vana
Sent: Tuesday, November 29, 2016 5:47 PM
To: keycloak-user(a)lists.jboss.org
Cc: Boaz Hamo <boazh(a)perfectomobile.com>; Moshe Ben-Shoham
<mosheb(a)perfectomobile.com>
Subject: Password policy when password is updated using admin API
Hi,
Currently Keycloak is not exposed directly to our customers, hence all user operations are
being done in our application background using the admin API.
We noticed that when changing a user's password from the admin API the password policy is not
enforced, for example when setting a password history policy.
Can you please advise if it is by design?
If so, do you have any suggestion for how to handle the password policy in our case (using the
admin API we can't get the user's current or previous passwords)?
Thanks,
Haim.