On Fri, Mar 24, 2017 at 7:08 AM, Isura Karunaratne <[email protected]> wrote:
> Hi Gayan, > > > > On Thu, Mar 23, 2017 at 11:56 PM, Gayan Gunawardana <[email protected]> > wrote: > >> Hi All, >> >> We are in the process of Implementing password policy validation feature >> for IS 6.0.0. >> Up to IS 5.3.0 there are set of default password policies. >> >> >> - Password Length Policy (check max length, min length) >> - Password Name Policy (check equality of username and password) >> - Password Pattern Policy (check password against given regex pattern) >> >> In the password policy validation process, it goes through each and every >> policies to check validity. If one of them fail password policy validation >> will be failed. Further if we add custom policy it will be evaluated in >> addition to default policies. >> >> IS 6.0.0 we have done bit of change. >> >> By default there are two ways to define password policies >> >> 1. From regex pattern. >> 2. By using set of properties like min length, max length, lower >> case, upper case. >> >> >> *Identity Admin can define password policies by using regex pattern or >> set of properties but not both. * >> Also there is a flexibility to define custom password policies. You will >> have two configurations under password policies, one is to enable password >> policy validation and another one is to enable default password policy >> validation. >> > What do you mean by custom password policies? is it same as regex pattern > validation? > It may not be same as regex pattern validation. Ex password should not be equal to user name. > > Why is it required to have two configurations? We can support a default > validation and if anyone requires changing that, he/she can define a custom > policy. I don't mind any requirement to have both default password > validation and custom validation at once since we can define any validation > through a custom policy. > > Thanks > Isura. > > >> >> In case if you want to have both, default password policies and custom >> password policies then you can keep both configurations are enabled. If you >> want to enable only custom policy then you can disable default policies. >> >> Appreciate your suggestions regarding this. >> > >> Thanks, >> Gayan >> >> -- >> Gayan Gunawardana >> Software Engineer; WSO2 Inc.; http://wso2.com/ >> Email: [email protected] >> Mobile: +94 (71) 8020933 >> > > -- Gayan Gunawardana Software Engineer; WSO2 Inc.; http://wso2.com/ Email: [email protected] Mobile: +94 (71) 8020933
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
