[keycloak-user] Question re Keycloak password / session ploicies

Stian Thorgersen sthorger at redhat.com
Wed Apr 13 14:47:37 EDT 2016


Nope, that one is not there. You can add a jira request for it.
On 13 Apr 2016 20:46, "Richard Lavallee" <rllavallee at hotmail.com> wrote:

> *Is the below policy supported in Keycloak?  If not can it be done in some
> custom way?*
>
> You are only allowed to change your password every 30 days
>
> ------------------------------
> Date: Wed, 13 Apr 2016 20:42:20 +0200
> Subject: RE: [keycloak-user] Question re Keycloak password / session
> ploicies
> From: sthorger at redhat.com
> To: rllavallee at hotmail.com
> CC: stian at redhat.com; keycloak-user at lists.jboss.org
>
> Sure, but it would be a rather lengthy one.
> On 13 Apr 2016 17:18, "Richard Lavallee" <rllavallee at hotmail.com> wrote:
>
> Thanks.  But even for repetitive letters such as "aaaa"
> I could still devise a regex such as "xx" | "xX" | "Xx" | "XX", yes?
>
> ------------------------------
> Date: Wed, 13 Apr 2016 06:47:09 +0200
> Subject: Re: [keycloak-user] Question re Keycloak password / session
> ploicies
> From: sthorger at redhat.com
> To: rllavallee at hotmail.com
> CC: keycloak-user at lists.jboss.org
>
> That'd do it. I got confused and thought you didn't want to repetitive
> letters.
>
> On 12 April 2016 at 19:32, Richard Lavallee <rllavallee at hotmail.com>
> wrote:
>
>
>    - Password should not have consecutive letters
>
> Maybe, if you can come up with a way to write that as regex (probably not
> though). We'll add ability to create custom password policies in the future
> though.
>
> Wouldn't the below suffice for regex?  Thus avoiding needing custom work
> for the short-term?
>
> forward  =
> "ab|bc|cd|de|ef|fg|gh|hi|ij|jk|kl|lm|mn|no|op|pq|qr|rs|st|tu|uv|vw|wx|xy|yz",
>     backward =
> "zy|yx|xw|wv|vu|ut|ts|sr|rq|qp|po|on|nm|ml|lk|kj|ji|ih|hg|gf|fe|ed|dc|cb|ba",
>     regex    = "(" + forward + "|" + backward + ")+";
>
>
> ------------------------------
> Date: Tue, 12 Apr 2016 06:37:41 +0200
> Subject: Re: [keycloak-user] Question re Keycloak password / session
> ploicies
> From: sthorger at redhat.com
> To: rllavallee at hotmail.com
> CC: keycloak-user at lists.jboss.org
>
>
>
>
> On 11 April 2016 at 20:49, Richard Lavallee <rllavallee at hotmail.com>
> wrote:
>
> Does Keycloak support the following requirements?
>
> *Password:*
>
>    - Password should be changed in every 60 days (configurable)
>
> Yes
>
>
>    - If user enters password wrong three times account is locked out for
>    15 min (configurable)
>
> Yes
>
>
>    - Password chosen should not be previous 24 passwords
>
> Yes
>
>
>    - Password should have a letter and a number
>
> Yes
>
>
>    - Password should not have consecutive letters
>
> Maybe, if you can come up with a way to write that as regex (probably not
> though). We'll add ability to create custom password policies in the future
> though.
>
>
>    -
>
> *Inactivity:*
>
>    - Application session inactivity - default is 45 minutes (can be
>    configured)
>
> Yes, you can configure idle timeout for a session. Idle for a session is
> if there are no app logins or token refreshes
>
>
>    - Account inactivity - account inactivity is 30 days default
>    (configurable)
>
> Yes
>
>
> -Richard
>
>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160413/de510cb9/attachment-0001.html 


More information about the keycloak-user mailing list