[keycloak-dev] [KEYCLOAK-4052] implementation

Marek Posolda mposolda at redhat.com
Fri Sep 15 04:06:34 EDT 2017


+1 for the config option. Maybe it should be disabled by default for 
backwards compatibility?

It would be cool if implementors of custom UserStorage also had an easy way 
to specify whether they want to use Keycloak password policies or not 
(maybe it's available already, I am not 100% sure).

Marek

On 15/09/17 09:11, Stian Thorgersen wrote:
> * There needs to be a config option for whether or not the password policy
> should be considered
> * Before trying the password policy you need to check if the credential
> being updated is indeed a password and not a different type
> * Tests need to be added (update password success, update password rejected
> due to policy, with/without config password policy check on, updating
> different types of credentials doesn't break, etc.)
>
> On 15 September 2017 at 08:36, Cédric Couralet <cedric.couralet at gmail.com>
> wrote:
>
>> Hi,
>>
>> This place is surely better than a comment in JIRA. I really need this
>> issue to be resolved. I tried a first patch quickly, which was
>> rejected[1], but is it possible to verify the credential type before
>> the password policy check in UserCredentialStoreManager.java or is it
>> the wrong direction?
>>
>> [1]: https://github.com/keycloak/keycloak/pull/4364/files
>>
>>
>> Regards,
>>
>> --
>>
>> Cédric Couralet
>>
>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-dev