Hi Prabath,

Noted. I will include the password expiration policies in this
authenticator (handler) as you said, since IS already has password
composition and password restriction policy plugins.

Thanks,
Kathees

On Tue, Mar 1, 2016 at 12:40 PM, Prabath Siriwardana <[email protected]>
wrote:

>
>
> On Mon, Feb 29, 2016 at 10:58 PM, Kathees Rajendram <[email protected]>
> wrote:
>
>>
>>
>> *Configure Password Composition:*
>>
>>    -  Minimum password length required.
>>    -  Minimum number of upper case characters.
>>    -  Minimum number of lower case characters.
>>    -  Minimum number of digits.
>>    -  Maximum consecutive character repeats.
>>    -  User name or reverse of user name not in password.
>>
>>
>>    -  Maximum number of failed attempts in given minutes or days, after
>>    which the user is disabled and redirected to a page that states "You
>>    cannot access your account at this time".
>>
>>
>>
>> *Configure Password Restrictions:*
>>
>>    - How long a user must wait before reusing the password.
>>
>>
> These need to be handled at a different level, and IS already has a plugin
> architecture for this, not at this authenticator (handler) level.
>
>
>> Please suggest if there are any other policies we can add to this
>> authenticator.
>> Thanks,
>> Kathees
>> --
>> Kathees
>> Software Engineer,
>> email: [email protected]
>> mobile: +94772596173
>>
>
>
>
> --
> Thanks & Regards,
> Prabath
>
> Twitter : @prabath
> LinkedIn : http://www.linkedin.com/in/prabathsiriwardena
>
> Mobile : +1 650 625 7950
>
> http://blog.facilelogin.com
> http://blog.api-security.org
>



-- 
Kathees
Software Engineer,
email: [email protected]
mobile: +94772596173
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
