[keycloak-user] Password Policies do not Work When There is a User Federation

İlhan Subaşı i.subasi at medyatakip.com
Fri Oct 11 10:35:41 EDT 2019


On 11.10.2019 15:41, cedric at couralet.eu wrote:
> On Friday, October 11, 2019 13:40 CEST, İlhan Subaşı <i.subasi at medyatakip.com> wrote:
>   
>> I have built a custom user storage provider using this example
>> https://github.com/thomasdarimont/keycloak-user-storage-provider-demo/tree/master/jar-module/src/main/java/de/tdlabs/keycoak/ext/storage/demo
>>
>> Unfortunately when you activate this user federation then password
>> policies do not work. For example under Authentication -> Password
>> Policy -> Add policy... -> Minimum Length. This does not work. Is there
>> any workaround to activate password policies?
>>
> I think you have to call the policy explicitly in your provider when updating the password.
> Look in the LdapStorageProvider for an example:
> https://github.com/keycloak/keycloak/blob/master/federation/ldap/src/main/java/org/keycloak/storage/ldap/LDAPStorageProvider.java#L626

Thanks a lot. It works now.

I've made a small edit after that line. Instead of throwing a
ModelException, I return a boolean false in case of an error.

PolicyError error = session.getProvider(PasswordPolicyManagerProvider.class).validate(realm, user, cred.getValue());
if (error != null) return false;
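
Added example (not part of the original messages, and not code from the Keycloak project or the demo provider): where the check discussed in this thread sits inside a custom provider's updateCredential, so the realm password policy is validated before anything is written to the external store. The class name PolicyCheckingUpdater and the storePassword hook are hypothetical; cred.getValue() follows the snippet above and assumes the Keycloak SPI of that period.

```java
import org.keycloak.credential.CredentialInput;
import org.keycloak.credential.CredentialInputUpdater;
import org.keycloak.credential.CredentialModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserCredentialModel;
import org.keycloak.models.UserModel;
import org.keycloak.policy.PasswordPolicyManagerProvider;
import org.keycloak.policy.PolicyError;

// Hypothetical base class: abstract so that only the password-update path is
// shown. A real storage provider also implements UserStorageProvider and the
// lookup/validation interfaces it needs.
public abstract class PolicyCheckingUpdater implements CredentialInputUpdater {

    protected final KeycloakSession session;

    protected PolicyCheckingUpdater(KeycloakSession session) {
        this.session = session;
    }

    // Hypothetical hook: persist the new password in the external user store.
    protected abstract boolean storePassword(UserModel user, String rawPassword);

    @Override
    public boolean supportsCredentialType(String credentialType) {
        return CredentialModel.PASSWORD.equals(credentialType);
    }

    @Override
    public boolean updateCredential(RealmModel realm, UserModel user, CredentialInput input) {
        // Only handle password updates carried in a UserCredentialModel.
        if (!supportsCredentialType(input.getType()) || !(input instanceof UserCredentialModel)) {
            return false;
        }
        UserCredentialModel cred = (UserCredentialModel) input;

        // Per the thread, the provider has to call the realm's password policy
        // itself (Minimum Length etc.); do it before touching the store.
        PolicyError error = session.getProvider(PasswordPolicyManagerProvider.class)
                .validate(realm, user, cred.getValue());
        if (error != null) {
            // Variant from the message above; the LDAP provider throws a
            // ModelException at this point instead.
            return false;
        }
        return storePassword(user, cred.getValue());
    }
}
```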
