Hi Gayan,
On Thu, Mar 23, 2017 at 11:56 PM, Gayan Gunawardana <[email protected]> wrote: > Hi All, > > We are in the process of Implementing password policy validation feature > for IS 6.0.0. > Up to IS 5.3.0 there are set of default password policies. > > > - Password Length Policy (check max length, min length) > - Password Name Policy (check equality of username and password) > - Password Pattern Policy (check password against given regex pattern) > > In the password policy validation process, it goes through each and every > policies to check validity. If one of them fail password policy validation > will be failed. Further if we add custom policy it will be evaluated in > addition to default policies. > > IS 6.0.0 we have done bit of change. > > By default there are two ways to define password policies > > 1. From regex pattern. > 2. By using set of properties like min length, max length, lower case, > upper case. > > > *Identity Admin can define password policies by using regex pattern or set > of properties but not both. * > Also there is a flexibility to define custom password policies. You will > have two configurations under password policies, one is to enable password > policy validation and another one is to enable default password policy > validation. > What do you mean by custom password policies? is it same as regex pattern validation? Why is it required to have two configurations? We can support a default validation and if anyone requires changing that, he/she can define a custom policy. I don't mind any requirement to have both default password validation and custom validation at once since we can define any validation through a custom policy. Thanks Isura. > > In case if you want to have both, default password policies and custom > password policies then you can keep both configurations are enabled. If you > want to enable only custom policy then you can disable default policies. > > Appreciate your suggestions regarding this. > > Thanks, > Gayan > > -- > Gayan Gunawardana > Software Engineer; WSO2 Inc.; http://wso2.com/ > Email: [email protected] > Mobile: +94 (71) 8020933 >
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
