[keycloak-user] Forced password change for service accounts
Kevin Thorpe
kevin.thorpe at p-i.net
Mon May 9 12:17:12 EDT 2016
Ah, we were missing something so not a bug. It may be that Keycloak itoo
old on that install. It's 1.4.0.final.
I've also looked in 1.7.0.final as well and can't see where to turn service
accounts on.
*Kevin Thorpe*
VP Enterprise Platform
www.p-i.net | @PI_150 <https://twitter.com/@PI_150>
*T: +44 (0)20 3005 6750 <%2B44%20%280%2920%203005%206750> | F: +44(0)20
7730 2635 <%2B44%280%2920%207730%202635> | T: +44 (0)808 204 0344
<%2B44%20%280%29808%20204%200344> *
*150 Buckingham Palace Road, London, SW1W 9TR, UK*
*SAVE PAPER - THINK BEFORE YOU PRINT!*
____________________________________________________________________
This email and any files transmitted with it are confidential and intended
solely for the use of the individual or entity to whom they are addressed.
If you have received this email in error please notify the system manager.
This message contains confidential information and is intended only for the
individual named. If you are not the named addressee you should not
disseminate, distribute or copy this e-mail. Please notify the sender
immediately by e-mail if you have received this e-mail by mistake and
delete this e-mail from your system. If you are not the intended recipient
you are notified that disclosing, copying, distributing or taking any
action in reliance on the contents of this information is strictly
prohibited.
On 9 May 2016 at 14:51, Marek Posolda <mposolda at redhat.com> wrote:
> If I understand correctly, you configured password policy
> "ForceExpiredPasswordChange" in Keycloak and after that period, you are
> seeing that keycloak requires changing password from serviceAccount user?
> This looks like a bug, serviceAccount users shouldn't be subject to
> password policy. Not even sure how is that possible...
>
> Feel free to create JIRA for this. Ideally with describing a bit more
> details (how you configured passwordPolicy, how you use serviceAccount, at
> which stage you see an issue, stacktrace (if present) etc. Thanks!
> Marek
>
>
> On 09/05/16 15:13, Kevin Thorpe wrote:
>
> Hi, we've just hit an issue where Keycloak was requiring a password change
> on a service account. We have addressed this by changing the password and
> also on the client service. We do though need to handle this before it all
> falls over as we missed a reporting run last night and breached our SLA
> with our client.
>
> What would be best practice for this? I'm thinking best to enforce
> rollover but we need a report on which service passwords are going to
> require reset. Is there any way to do that?
>
> *Kevin Thorpe*
> VP Enterprise Platform
>
> <http://www.p-i.net/>www.p-i.net | @PI_150 <https://twitter.com/@PI_150>
>
> *T: +44 (0)20 3005 6750 <%2B44%20%280%2920%203005%206750> | F: +44(0)20
> 7730 2635 <%2B44%280%2920%207730%202635> | T: +44 (0)808 204 0344
> <%2B44%20%280%29808%20204%200344> *
> *150 Buckingham Palace Road, London, SW1W 9TR, UK*
>
>
>
> *SAVE PAPER - THINK BEFORE YOU PRINT!*
>
> ____________________________________________________________________
>
> This email and any files transmitted with it are confidential and intended
> solely for the use of the individual or entity to whom they are addressed.
> If you have received this email in error please notify the system manager.
> This message contains confidential information and is intended only for the
> individual named. If you are not the named addressee you should not
> disseminate, distribute or copy this e-mail. Please notify the sender
> immediately by e-mail if you have received this e-mail by mistake and
> delete this e-mail from your system. If you are not the intended recipient
> you are notified that disclosing, copying, distributing or taking any
> action in reliance on the contents of this information is strictly
> prohibited.
>
>
> _______________________________________________
> keycloak-user mailing listkeycloak-user at lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160509/18e7e796/attachment-0001.html
More information about the keycloak-user
mailing list