[keycloak-user] User defined password policies

Marek Posolda mposolda at redhat.com
Mon Sep 4 11:27:32 EDT 2017


AFAIK 4 can be done through the BruteForce protector. See the admin console 
brute force settings (it's in a different place than password policies).

For 1,2,3 you would need to implement custom password policies. 
PasswordPolicy is an SPI, so you can add new providers to existing ones. 
See our documentation for SPI and providers and also the 
keycloak-examples distribution and especially the directory "providers".

Marek

On 01/09/17 15:26, Krishna Kuntala wrote:
> We have the following requirements w.r.t. password policies. I am not sure
> whether we would be able to add custom password policies. If yes, how to
> define custom policies?
>
> 1. Password max length should be 16
> 2. Only allow 2 repeating characters
> 3. Satisfy 3 out of 4 password criteria mentioned in
> "Authentication->Password Policy"
> 4. Lock account for 1 hour after 3 failed login attempts
>
> Please let me know whether these requirements can be configured from the UI
> or do I need to implement some code to achieve this?
>
> Thanks and Regards,
> Krishna Kuntala
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
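
The validation logic behind requirements 1 to 3, as an added example that is not part of the original thread and is not Keycloak code. It is plain Java with no Keycloak classes; in a custom provider this check would sit behind the PasswordPolicy SPI mentioned in the reply. Assumptions: "2 repeating characters" is read as at most two identical characters in a row, the four criteria are taken to be lowercase, uppercase, digit and special character, and the class and rule names are hypothetical.

```java
import java.util.ArrayList;
import java.util.List;

// Added illustration: the rule checks only. Wiring into Keycloak's
// PasswordPolicy SPI (provider and factory classes) is not shown.
public class CustomPasswordRules {
    static final int MAX_LENGTH = 16;  // requirement 1
    static final int MAX_REPEAT = 2;   // requirement 2 (assumed: consecutive run)
    static final int MIN_CLASSES = 3;  // requirement 3 (3 of the 4 assumed classes)

    /** Returns the names of violated rules; an empty list means accepted. */
    static List<String> violations(String password) {
        List<String> errors = new ArrayList<>();
        // Count code points, not chars, so supplementary characters count once.
        if (password.codePointCount(0, password.length()) > MAX_LENGTH) {
            errors.add("maxLength");
        }
        boolean lower = false, upper = false, digit = false, special = false;
        int run = 0, prev = -1, longestRun = 0;
        for (int i = 0; i < password.length(); ) {
            int cp = password.codePointAt(i);
            i += Character.charCount(cp);
            run = (cp == prev) ? run + 1 : 1;      // length of the current run
            longestRun = Math.max(longestRun, run);
            prev = cp;
            if (Character.isLowerCase(cp)) lower = true;
            else if (Character.isUpperCase(cp)) upper = true;
            else if (Character.isDigit(cp)) digit = true;
            else special = true;  // assumption: everything else is "special"
        }
        if (longestRun > MAX_REPEAT) errors.add("repeatedCharacters");

        int classes = (lower ? 1 : 0) + (upper ? 1 : 0)
                    + (digit ? 1 : 0) + (special ? 1 : 0);
        if (classes < MIN_CLASSES) errors.add("characterClasses");
        return errors;
    }

    public static void main(String[] args) {
        // Constructed sample passwords, not taken from the thread.
        String[] samples = {
            "Summer2017", "aaabbbCCC1", "alllowercase", "ThisIsWayTooLong12345!"
        };
        for (String s : samples) {
            System.out.println(s + " -> " + violations(s));
        }
    }
}
```

Returning every violated rule instead of stopping at the first lets the caller report all problems in one pass; a provider that can surface only one error would return the first entry.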



