[keycloak-dev] Configure password policy for realm

Stian Thorgersen stian at redhat.com
Tue Dec 3 08:13:32 EST 2013


I've added an option to configure a password policy for a realm.

The password policy is defined as a single string, for example:

"length and digits and lowerCase and upperCase"

Would require a password of minimum length 8 that contains at least one numerical digit, one lower case and one upper case.

The available policies at the moment are:

* length
* digits
* lowerCase
* upperCase
* specialChars

All take an optional single integer argument, for example:

"length(12) and specialChars(2)"

Would require a password of minimum length 12 that contains at least 2 special characters.

The only operator supported (at least at the moment) is 'and', so you couldn't for example have a policy that is:

"length(24) or ( length(12) and specialChars(4) )"

This is just something minimal for M1 and we can tweak it later. One thing that is quite common is to make sure it doesn't contain words from the dictionary for example.

Villiam is working on improving the way it's defined in the admin console to make it more user friendly (and less error prone).

