[keycloak-dev] Password Expiry present but unimplemented?

Stian Thorgersen sthorger at redhat.com
Thu Mar 7 10:13:48 EST 2019


I don't know the exact code, but I suspect
ForceExpiredPasswordPolicyProviderFactory is just there to make it possible
to configure. PasswordPolicy providers in general take action when a
password is updated, not when it's used. As such there is probably
something else that is checking the password is not expired, probably
something hardcoded in the authenticator.

On Thu, 7 Mar 2019 at 14:49, Dan Hardiker <dhardiker at adaptavist.com> wrote:

> Hi,
>
> I noticed that password expiry wasn’t working with LDAP. Initially I
> thought this was another mapping issue, expecting to need to support a
> passwordSetAt timestamp or something, however when I dug into the code I
> found ForceExpiredPasswordPolicyProviderFactory had the following:
>
> @Override
> public PolicyError validate(RealmModel realm, UserModel user, String
> password) {
>     return null;
> }
>
> @Override
> public PolicyError validate(String user, String password) {
>     return null;
> }
>
> This appears to mean it’s not implemented. Is this the case? Am I looking
> in the wrong place?
>
>
>> Dan Hardiker | Adaptavist
> dhardiker at adaptavist.com
>
> Winners of the Atlassian President's Award for Technical Excellence -
> http://bit.ly/techexc <http://bit.ly/techexc>
>
> Adaptavist <http://adaptavist.com/>, Waterside, Unit 2, 44-48 Wharf Road,
> London, N1 7UX, United Kingdom.
> Registered in England and Wales #5456785.
>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev


More information about the keycloak-dev mailing list