Hi Gayan,

> In case you want to have both default password policies and custom
> password policies, you can keep both configurations enabled.

When we have enabled both the default password policy and the custom password policy, think of a scenario as below. From the custom password policy we have prohibited the use of numbers, and we enforce the use of a number from the default password policy. In such a scenario we can't adhere to both custom and default password policies. Then do we overwrite the default password policy from the custom password policy?

Thanks,

Hasanthi Dissanayake
Software Engineer | WSO2
E: [email protected]
M: 0718407133 | http://wso2.com <http://wso2.com/>

On Fri, Mar 24, 2017 at 7:19 AM, Gayan Gunawardana <[email protected]> wrote:

> On Fri, Mar 24, 2017 at 7:08 AM, Isura Karunaratne <[email protected]> wrote:
>
>> Hi Gayan,
>>
>> On Thu, Mar 23, 2017 at 11:56 PM, Gayan Gunawardana <[email protected]>
>> wrote:
>>
>>> Hi All,
>>>
>>> We are in the process of implementing the password policy validation
>>> feature for IS 6.0.0.
>>> Up to IS 5.3.0 there is a set of default password policies.
>>>
>>> - Password Length Policy (check max length, min length)
>>> - Password Name Policy (check equality of username and password)
>>> - Password Pattern Policy (check password against given regex
>>>   pattern)
>>>
>>> In the password policy validation process, it goes through each and
>>> every policy to check validity. If one of them fails, password policy
>>> validation will fail. Further, if we add a custom policy it will be
>>> evaluated in addition to the default policies.
>>>
>>> In IS 6.0.0 we have made a bit of a change.
>>>
>>> By default there are two ways to define password policies:
>>>
>>> 1. From a regex pattern.
>>> 2. By using a set of properties like min length, max length, lower
>>>    case, upper case.
>>>
>>> *Identity Admin can define password policies by using regex pattern or
>>> set of properties but not both.*
>>> Also, there is flexibility to define custom password policies. You will
>>> have two configurations under password policies: one is to enable password
>>> policy validation and another one is to enable default password policy
>>> validation.
>>>
>> What do you mean by custom password policies? Is it the same as regex
>> pattern validation?
>>
> It may not be the same as regex pattern validation. E.g. the password
> should not be equal to the user name.
>
>> Why is it required to have two configurations? We can support a default
>> validation and if anyone requires changing that, he/she can define a custom
>> policy. I don't mind any requirement to have both default password
>> validation and custom validation at once since we can define any validation
>> through a custom policy.
>>
>> Thanks
>> Isura.
>>
>>> In case you want to have both default password policies and custom
>>> password policies, you can keep both configurations enabled. If you
>>> want to enable only the custom policy then you can disable default policies.
>>>
>>> Appreciate your suggestions regarding this.
>>>
>>> Thanks,
>>> Gayan
>>>
>>> --
>>> Gayan Gunawardana
>>> Software Engineer; WSO2 Inc.; http://wso2.com/
>>> Email: [email protected]
>>> Mobile: +94 (71) 8020933
>>>
>
> --
> Gayan Gunawardana
> Software Engineer; WSO2 Inc.; http://wso2.com/
> Email: [email protected]
> Mobile: +94 (71) 8020933
>
> _______________________________________________
> Architecture mailing list
> [email protected]
> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
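The conflict raised in this thread, worked through as an added example; it is not part of the original messages and is not WSO2 Identity Server code. It models the all-policies-must-pass evaluation described for IS 5.3.0 together with the two switches proposed for IS 6.0.0. The class, function and flag names, the length bounds and the sample passwords are assumptions made for illustration.

```python
import re
from dataclasses import dataclass, field
from typing import Callable, List, Optional

# A policy takes (username, password) and returns None or a rejection reason.
Policy = Callable[[str, str], Optional[str]]

def length_policy(lo: int, hi: int) -> Policy:
    return lambda user, pw: None if lo <= len(pw) <= hi else f"length must be {lo}-{hi}"

def name_policy() -> Policy:
    return lambda user, pw: "password equals username" if pw == user else None

def pattern_policy(regex: str, reason: str) -> Policy:
    compiled = re.compile(regex)
    return lambda user, pw: None if compiled.fullmatch(pw) else reason

@dataclass
class PasswordPolicyConfig:
    # Hypothetical names for the two switches discussed in the thread.
    validation_enabled: bool = True
    default_policies_enabled: bool = True
    default_policies: List[Policy] = field(default_factory=list)
    custom_policies: List[Policy] = field(default_factory=list)

    def active(self) -> List[Policy]:
        if not self.validation_enabled:
            return []
        defaults = self.default_policies if self.default_policies_enabled else []
        return defaults + self.custom_policies

    def violations(self, user: str, pw: str) -> List[str]:
        # Every active policy must pass; report all failures, not just the first.
        return [r for p in self.active() if (r := p(user, pw)) is not None]

def build_conflicting_config() -> PasswordPolicyConfig:
    # Constructed scenario: default requires a digit, custom forbids digits.
    return PasswordPolicyConfig(
        default_policies=[length_policy(8, 30), name_policy(),
                          pattern_policy(r".*\d.*", "must contain a number")],
        custom_policies=[pattern_policy(r"\D*", "must not contain a number")],
    )

if __name__ == "__main__":
    cfg = build_conflicting_config()
    for pw in ("Summer2017pass", "SummerOnlyPass"):  # constructed samples
        print(pw, "->", cfg.violations("gayan", pw) or "accepted")
    cfg.default_policies_enabled = False  # custom policy only
    for pw in ("SummerOnlyPass", "gayan"):
        print("defaults off:", pw, "->", cfg.violations("gayan", pw) or "accepted")
```

With both switches on, no password can satisfy the two digit rules at once, so every password change is rejected. Turning the defaults off removes the conflict but also drops the length and username checks, so `gayan` is accepted as the password for user `gayan` unless the custom policy re-implements them.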
