[keycloak-user] User defined password policies
Marek Posolda
mposolda at redhat.com
Mon Sep 4 11:27:32 EDT 2017
AFAIK 4 can be done through BruteForce protector. See the admin console
brute force settings (It's in a different place than password policies).
For 1,2,3 you would need to implement custom password policies.
PasswordPolicy is an SPI, so you can add new providers to existing ones.
See our documentation for SPI and providers and also the
keycloak-examples distribution and especially the directory "providers".
Marek
On 01/09/17 15:26, Krishna Kuntala wrote:
> We have the following requirements w.r.t. password policies. I am not sure
> whether we would be able to add custom password policies. If yes, how to
> define custom policies?
>
> 1. Password max length should be 16
> 2. Only allow 2 repeating characters
> 3. Satisfy 3 out of 4 password criteria mentioned in
> "Authentication->Password Policy"
> 4. Lock account for 1 hour after 3 failed login attempts
>
> Please let me know whether these requirements can be configured from the UI
> or do I need to implement some code to achieve this?
>
> Thanks and Regards,
> Krishna Kuntala
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
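
The checks behind requirements 1 to 3 in the thread above, as an added example that is not part of the original messages and not Keycloak code: plain Java with no Keycloak classes, which a custom PasswordPolicy provider could call from its validation logic. Assumptions: requirement 2 is read as "at most 2 identical characters in a row", the four criteria are taken to be digit, lowercase, uppercase and special character, and the class name, method name and sample passwords are hypothetical.

```java
import java.util.ArrayList;
import java.util.List;

// Added example: stand-alone rule checks; the rule interpretations are assumptions.
public class PasswordRules {
    static final int MAX_LENGTH = 16;       // requirement 1
    static final int MAX_RUN = 2;           // requirement 2: longest allowed run of one character
    static final int REQUIRED_CLASSES = 3;  // requirement 3: out of digit, lower, upper, special

    /** Returns the violated rules; an empty list means the password is accepted. */
    static List<String> violations(String password) {
        List<String> errors = new ArrayList<>();
        if (password == null) { errors.add("missing"); return errors; }
        // Work on code points so a supplementary character is not counted twice.
        int[] cps = password.codePoints().toArray();
        if (cps.length > MAX_LENGTH) errors.add("longer than " + MAX_LENGTH);

        int run = 0, longest = 0, prev = -1;
        boolean digit = false, lower = false, upper = false, special = false;
        for (int cp : cps) {
            run = (cp == prev) ? run + 1 : 1;   // length of the current run of identical characters
            longest = Math.max(longest, run);
            prev = cp;
            if (Character.isDigit(cp)) digit = true;
            else if (Character.isLowerCase(cp)) lower = true;
            else if (Character.isUpperCase(cp)) upper = true;
            else special = true;                // assumption: everything else counts as "special"
        }
        if (longest > MAX_RUN) errors.add("more than " + MAX_RUN + " identical characters in a row");
        int classes = (digit ? 1 : 0) + (lower ? 1 : 0) + (upper ? 1 : 0) + (special ? 1 : 0);
        if (classes < REQUIRED_CLASSES) errors.add("only " + classes + " of 4 character classes");
        return errors;
    }

    public static void main(String[] args) {
        // Constructed sample inputs, one per rule plus one that passes.
        String[] samples = { "Passw0rd", "Paaassw0rd!", "alllowercase", "ThisIsWayTooLong123!" };
        for (String s : samples) {
            System.out.println(s + " -> " + violations(s));
        }
    }
}
```

Returning every violated rule rather than stopping at the first lets the caller report all problems in one response.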