[keycloak-dev] Passay and PasswordPolicy
Thomas Darimont
thomas.darimont at googlemail.com
Thu Sep 21 09:45:19 EDT 2017
Hello,
I just stumbled upon passay [0], which is a comprehensive library for
validating passwords against rule-based policies, and wanted to share my
thoughts.
Perhaps some of the contained rules [1] might be valuable additions to the
existing password policies.
One thing I particularly like is the differentiation between positive
and negative matching rules, which makes it quite explicit and easy to
express rules.
E.g. instead of crafting a regex like "regex('^[^,&]+$')" to prohibit the
use of characters like "," and "&", one could simply write:
"illegalCharacters(',&')"
Perhaps someone could also come up with a PassayPasswordPolicy provider
which can be fed with a passay rule file (+ some Keycloak adapters to
support password history, blacklists) to validate a password.
Cheers,
Thomas
[0] http://www.passay.org/
[1] http://www.passay.org/reference/
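As an added illustration of the point made in the post (this is example code, not part of the original message and not Keycloak or Passay project code), the following class puts the regex form `^[^,&]+$` side by side with Passay's explicit negative rule `IllegalCharacterRule`, and combines it with positive rules (length, character classes) in one `PasswordValidator`. The Passay classes used (`PasswordValidator`, `PasswordData`, `RuleResult`, `LengthRule`, `CharacterRule`, `EnglishCharacterData`, `IllegalCharacterRule`, `WhitespaceRule`) are the library's public API; the class name, the concrete rule set and the sample passwords are assumptions chosen for the demo. No Keycloak adapter is shown.

```java
// Added example, not from the keycloak-dev post nor from Keycloak/Passay sources.
// Requires org.passay:passay on the classpath.
import java.util.Arrays;
import java.util.List;
import java.util.regex.Pattern;

import org.passay.CharacterRule;
import org.passay.EnglishCharacterData;
import org.passay.IllegalCharacterRule;
import org.passay.LengthRule;
import org.passay.PasswordData;
import org.passay.PasswordValidator;
import org.passay.Rule;
import org.passay.RuleResult;
import org.passay.WhitespaceRule;

public class PassayPolicyDemo {

    // The regex from the post: a prohibition written as a positive match
    // ("every character must be something other than ',' or '&'").
    private static final Pattern NO_COMMA_OR_AMPERSAND = Pattern.compile("^[^,&]+$");

    static boolean allowedByRegex(String password) {
        return NO_COMMA_OR_AMPERSAND.matcher(password).matches();
    }

    // The same prohibition as an explicit negative rule, next to positive rules.
    // Rule set is an assumption for the demo, not a recommended policy.
    static PasswordValidator buildValidator() {
        List<Rule> rules = Arrays.asList(
            new LengthRule(12, 128),                              // positive: length bounds
            new CharacterRule(EnglishCharacterData.UpperCase, 1), // positive: >= 1 upper-case
            new CharacterRule(EnglishCharacterData.Digit, 1),     // positive: >= 1 digit
            new IllegalCharacterRule(new char[] {',', '&'}),      // negative: ',' and '&' forbidden
            new WhitespaceRule()                                  // negative: no whitespace
        );
        return new PasswordValidator(rules);
    }

    // Returns Passay's human-readable messages, one per violated rule;
    // empty list means the password satisfies every rule.
    static List<String> violations(PasswordValidator validator, String password) {
        RuleResult result = validator.validate(new PasswordData(password));
        return result.isValid() ? List.of() : validator.getMessages(result);
    }

    public static void main(String[] args) {
        PasswordValidator validator = buildValidator();
        // Constructed sample inputs for the demo.
        String[] candidates = {
            "CorrectHorse9Battery",   // satisfies all rules
            "Correct,Horse9Battery",  // violates the negative rule (',')
            "correct horse battery"   // regex allows it, but fails three other rules
        };
        for (String pw : candidates) {
            System.out.println("password: " + pw);
            System.out.println("  regex '^[^,&]+$' allows: " + allowedByRegex(pw));
            List<String> msgs = violations(validator, pw);
            if (msgs.isEmpty()) {
                System.out.println("  passay: OK");
            }
            for (String msg : msgs) {
                System.out.println("  passay: " + msg);
            }
        }
    }
}
```

The third sample shows why the distinction matters in practice: the regex only encodes the prohibition, so it accepts "correct horse battery", whereas the validator reports the missing upper-case letter, the missing digit and the whitespace separately, each with its own error code in `RuleResult.getDetails()`. That per-rule detail is what a Keycloak policy provider would need in order to map each failure to a distinct `PolicyError`.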