[keycloak-user] Different password policies for the same client

Sebastian Olscher sebastian.olscher at traveltainment.de
Wed Oct 14 11:09:55 EDT 2015


Hi guys,

Is there any way to configure different password policies for different kinds of users in one realm?

We're dealing with the following use case: Two different types of users: one represents human users, who are able to log in via a login page. The second represents other applications which do system-to-system communication without logging in via a login page. For human users we want to specify the policy that they have to change their password at least every 90 days. Users which are used for other applications (machine-to-machine communication) are not able to change their password. So we want to define this policy only for human users.

I can't find a possibility to distinguish between user types, so our idea was to use two separate realms. I can add users of type A to Realm 1 and users of type B to Realm 2, and with that I'm able to configure different password policies for both groups. But in the end, if both user types have access to the same client, I have to configure the same client with all its roles identically in both realms to add roles of this client to users within this realm.

What would be your recommendation to fulfil the requirement described in the use case?

Thanks for your help,
Sebastian
