[keycloak-user] Is there a possibility to stop users changing their passwords too often?
Marek Posolda
mposolda at redhat.com
Fri Mar 18 09:14:44 EDT 2016
On 18/03/16 12:58, Stian Thorgersen wrote:
>
> Seems like a strange requirement. I can see why you would want users
> to update the password frequently, not the other way around. Or is
> there something I'm missing?
>
> Password policy will be made an spi in the future. That will make it
> easy to do, but it's not going to be done for a little while.
>
Maybe we can do Password policy SPI in 2.X together with validation SPI?
Looks to me like quite related things.
Marek
> On 18 Mar 2016 10:10, "Marek Posolda" <mposolda at redhat.com
> <mailto:mposolda at redhat.com>> wrote:
>
> Btv. Kevin you are using LDAP/MSAD right? If you have writable
> LDAP, then for the LDAP users, you can create custom LDAP Mapper
> implementation, which will implement "proxy" method and override
> "updateCredential" method of the proxy user object. Here you can
> implement this functionality by yourself (MSAD has pwdLastSet
> attribute with the time when password was updated for last time)
>
> Marek
>
> On 18/03/16 10:04, Marek Posolda wrote:
>> Hi,
>>
>> this is not available right now. It can be achieved with password
>> policy, but we don't have such a password policy right now. We
>> can either:
>> - Add the password policy to have this available in Keycloak OOTB
>> - Make PasswordPolicy pluggable SPI, so you can add your custom
>> password policy for the functionality like this.
>>
>> Feel free to create JIRA for this.
>>
>> Marek
>>
>> On 16/03/16 15:02, Kevin Thorpe wrote:
>>> A standard practice for login systems is to stop users changing
>>> their passwords too often. Keycloak does not support this as of
>>> 1.7.0. Is there a possibility of adding a timeout to stop too
>>> frequent password changes?
>>>
>>>
>>> *Kevin Thorpe*
>>> VP Enterprise Platform
>>>
>>> www.p-i.net <http://www.p-i.net> | @PI_150
>>> <https://twitter.com/@PI_150>
>>>
>>> *T: +44 (0)20 3005 6750 <tel:%2B44%20%280%2920%203005%206750> |
>>> F: +44(0)20 7730 2635 <tel:%2B44%280%2920%207730%202635> | T:
>>> +44 (0)808 204 0344 <tel:%2B44%20%280%29808%20204%200344> *
>>> *150 Buckingham Palace Road, London, SW1W 9TR, UK*
>>>
>>>
>>> *SAVE PAPER - THINK BEFORE YOU PRINT!*
>>>
>>> ____________________________________________________________________
>>>
>>> This email and any files transmitted with it are confidential
>>> and intended solely for the use of the individual or entity to
>>> whom they are addressed. If you have received this email in
>>> error please notify the system manager. This message contains
>>> confidential information and is intended only for the individual
>>> named. If you are not the named addressee you should not
>>> disseminate, distribute or copy this e-mail. Please notify the
>>> sender immediately by e-mail if you have received this e-mail by
>>> mistake and delete this e-mail from your system. If you are not
>>> the intended recipient you are notified that disclosing,
>>> copying, distributing or taking any action in reliance on the
>>> contents of this information is strictly prohibited.
>>>
>>>
>>>
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user at lists.jboss.org <mailto:keycloak-user at lists.jboss.org>
>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org <mailto:keycloak-user at lists.jboss.org>
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160318/660d7997/attachment-0001.html
More information about the keycloak-user
mailing list