Hi All, We are in the process of Implementing password policy validation feature for IS 6.0.0. Up to IS 5.3.0 there are set of default password policies.
- Password Length Policy (check max length, min length) - Password Name Policy (check equality of username and password) - Password Pattern Policy (check password against given regex pattern) In the password policy validation process, it goes through each and every policies to check validity. If one of them fail password policy validation will be failed. Further if we add custom policy it will be evaluated in addition to default policies. IS 6.0.0 we have done bit of change. By default there are two ways to define password policies 1. From regex pattern. 2. By using set of properties like min length, max length, lower case, upper case. *Identity Admin can define password policies by using regex pattern or set of properties but not both. * Also there is a flexibility to define custom password policies. You will have two configurations under password policies, one is to enable password policy validation and another one is to enable default password policy validation. In case if you want to have both, default password policies and custom password policies then you can keep both configurations are enabled. If you want to enable only custom policy then you can disable default policies. Appreciate your suggestions regarding this. Thanks, Gayan -- Gayan Gunawardana Software Engineer; WSO2 Inc.; http://wso2.com/ Email: [email protected] Mobile: +94 (71) 8020933
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
