Hi all,

I have started working on a Password Rotation Policy Authenticator for the
Identity Server.

Currently, there is an authenticator [1] which can be used to force the
user to change the password.

However, it does not support the following requirements on its own.

   - Force the user to change the password to a *previously unused password*
   - *Notify the user* when the password has expired

According to my research, I found out that the *user can be forced to
change the password to a previously unused password using the Password
History Validation Policy* [2] and the authenticator [1]. However, the
authenticator does not show a proper message to the user. I am planning to
fix this.

I have also started working on the *password expiry notifications*. The
planned approach is as follows:

   - Emit the password change event to analytics
   - Use an analytics query to identify the users whose passwords have
   expired

This approach was selected because it places minimal load on the Identity
Server instance, and it also opens up the path to further analytics for
identifying anomalous user behaviour.

Any suggestions or improvements are highly appreciated.

[1] https://store.wso2.com/store/assets/isconnector/
details/502efeb1-cc59-4b62-a197-8c612797933c
[2] https://docs.wso2.com/display/IS530/Password+History+Validation

Thank you!

Regards,
NadunD

-- 
*Nadun De Silva*
Software Engineer | WSO2

Email: [email protected]
Mobile: +94778222607
Web: http://wso2.com

_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
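The two requirements in the post above (rejecting a previously used password, and finding users whose passwords have expired from a stream of password-change events so they can be notified) as one added worked example. This is illustration written for this page, not code from WSO2 Identity Server, the authenticator [1], or the post's author. The event tuple shape, the event names PASSWORD_CHANGE and LOGIN, the PBKDF2 work factor and the 90-day / 14-day / keep-last-3 policy numbers are all assumptions for the example, not the product's schema or defaults.

```python
import hashlib
import hmac
import os
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional, Tuple

PBKDF2_ITERATIONS = 100_000  # assumed work factor for the example only

HistoryEntry = Tuple[bytes, bytes]  # (salt, digest)


def hash_password(password: str, salt: Optional[bytes] = None) -> HistoryEntry:
    """Salted PBKDF2-HMAC-SHA256 of the password; returns (salt, digest)."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                                 PBKDF2_ITERATIONS)
    return salt, digest


def is_reused(candidate: str, history: List[HistoryEntry], keep_last: int) -> bool:
    """True if `candidate` equals any of the most recent `keep_last` passwords.

    Each history entry has its own salt, so the candidate is re-hashed once per
    entry. No early return and a constant-time compare, so timing does not
    reveal which old password (if any) matched.
    """
    reused = False
    for salt, old_digest in history[-keep_last:]:
        _, digest = hash_password(candidate, salt)
        reused |= hmac.compare_digest(digest, old_digest)
    return reused


def record_password_change(history: List[HistoryEntry], new_password: str,
                           keep_last: int) -> List[HistoryEntry]:
    """Append the new password's hash and trim the history to `keep_last` entries."""
    if keep_last < 1:
        raise ValueError("keep_last must be at least 1")
    history.append(hash_password(new_password))
    del history[:-keep_last]
    return history


# Constructed sample events (assumed shape: user, event type, UTC timestamp).
SAMPLE_EVENTS = [
    ("alice", "PASSWORD_CHANGE", "2019-01-10T09:00:00Z"),
    ("bob",   "PASSWORD_CHANGE", "2019-03-25T12:30:00Z"),
    ("alice", "PASSWORD_CHANGE", "2019-04-20T08:15:00Z"),  # supersedes the January change
    ("carol", "PASSWORD_CHANGE", "2018-11-05T17:45:00Z"),
    ("bob",   "LOGIN",           "2019-06-01T07:00:00Z"),  # not a password event; ignored
]
EXAMPLE_NOW = datetime(2019, 6, 15, tzinfo=timezone.utc)


def _parse_ts(ts: str) -> datetime:
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def latest_password_change(events) -> Dict[str, datetime]:
    """Reduce the event stream to each user's most recent PASSWORD_CHANGE."""
    latest: Dict[str, datetime] = {}
    for user, kind, ts in events:
        if kind != "PASSWORD_CHANGE":
            continue
        when = _parse_ts(ts)
        if user not in latest or when > latest[user]:
            latest[user] = when
    return latest


def classify_users(events, known_users, now: datetime,
                   max_age_days: int, warn_days: int) -> Dict[str, List[str]]:
    """Bucket users by password age: expired, expiring soon, ok, or no record.

    A user with no change event at all cannot be shown compliant, so they are
    reported separately rather than silently treated as fine.
    """
    latest = latest_password_change(events)
    buckets: Dict[str, List[str]] = {"expired": [], "expiring": [], "ok": [], "no_record": []}
    for user in sorted(known_users):
        if user not in latest:
            buckets["no_record"].append(user)
            continue
        age = now - latest[user]
        if age > timedelta(days=max_age_days):
            buckets["expired"].append(user)
        elif age > timedelta(days=max_age_days - warn_days):
            buckets["expiring"].append(user)
        else:
            buckets["ok"].append(user)
    return buckets


def run_example() -> dict:
    """Exercise both checks on the constructed data and return the results."""
    history: List[HistoryEntry] = []
    for pw in ("Winter2018!", "Spring2019!", "Summer2019!", "Autumn2019!"):
        record_password_change(history, pw, keep_last=3)
    return {
        "history_size": len(history),
        "oldest_rolled_out": is_reused("Winter2018!", history, 3),
        "recent_rejected": is_reused("Spring2019!", history, 3),
        "fresh_accepted": is_reused("Brand-new-pw-42", history, 3),
        "expiry": classify_users(SAMPLE_EVENTS, ["alice", "bob", "carol", "dave"],
                                 EXAMPLE_NOW, max_age_days=90, warn_days=14),
    }


if __name__ == "__main__":
    print(run_example())
```

The history check re-hashes the candidate under every stored salt instead of comparing a single unsalted hash, so the stored history does not become a cheap dictionary target; the expiry query keeps only each user's newest PASSWORD_CHANGE, which is the reduction an analytics backend would perform over the emitted events, and it flags users with no event at all rather than assuming they are compliant.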