[keycloak-dev] [KEYCLOAK-4052] implementation

Cédric Couralet cedric.couralet at gmail.com
Fri Sep 15 04:18:50 EDT 2017


thank you.

What I'm thinking now is :
 - adding a method in CredentialInputUpdater (veryPasswordPolicy boolean)
 - using this in updateCredential in UserCredentialStoreManager to
check or not the password policy
 - adding an option in all existing providers provided by default.

This would allow custom providers to use or not the Password Policy.

What do you think?
I'm not sure changing the interface can be done like that, is there
some rules to follow?


2017-09-15 10:06 GMT+02:00 Marek Posolda <mposolda at redhat.com>:
> +1 for the config option. Maybe should be disabled by default for backwards
> compatibility?
>
> Will be cool if also implementors of custom UserStorage have an easy way to
> specify whether they want to use Keycloak password policies or not (maybe
> it's available already, I am not 100 % sure).
>
> Marek
>
>
> On 15/09/17 09:11, Stian Thorgersen wrote:
>>
>> * There needs to be a config option whether or not the password policy
>> should be considered or not
>> * Before trying the password policy you need to check if the credential
>> being update is indeed a password and not a different type
>> * Tests need to be added (update password success, update password
>> rejected
>> due to policy, with/without config password policy check on, updating
>> different types of credentials doesn't break, etc.)
>>
>> On 15 September 2017 at 08:36, Cédric Couralet <cedric.couralet at gmail.com>
>> wrote:
>>
>>> Hi,
>>>
>>> This place is surely better than a comment in JIRA. I really need this
>>> issue to be resolved. I tried a fistr patch quickly, which was
>>> rejected[1], but is it possible to verify the credential type befoer
>>> the password policy check in UserCredentialStoreManager.java or is it
>>> the wrong direction?
>>>
>>> [1]: https://github.com/keycloak/keycloak/pull/4364/files
>>>
>>>
>>> Regards,
>>>
>>> --
>>>
>>> Cédric Couralet
>>>
>>> _______________________________________________
>>> keycloak-dev mailing list
>>> keycloak-dev at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>
>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
>
>



More information about the keycloak-dev mailing list