Hello everyone,
After upgrading to 7.3.0 (from 6.x) I see that users with weak passwords are
getting HTTP 500 with the message "Detected weak password for user *USERNAME* "
on REST responses. And on the web UI side, I see that they're forced to
change their passwords. Users can get their passwords changed regularly, so,
with not cutting off these users' operations in mind, I'm searching for
a better solution to disable this feature.

When checking out the source code, I see that this behaviour consists of
auto-registration of PasswordStrengthAuthenticationPostProcessor, and is set
up when this configuration exists:
cas.authn.pm.core.password-policy-pattern=^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[$@$!%*?&])[A-Za-z\d$@$!%*?&]{8,10}

Is there another way to configure this behaviour other than this: 

import org.apereo.cas.authentication.AuthenticationPostProcessor;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ScopedProxyMode;

/**
 * By default, CAS checks if a given password is weak when authenticating a
 * user. This check is enabled by default when a regex value is given to this
 * config: `cas.authn.pm.core.password-policy-pattern`. It's defined in:
 * {@link PasswordManagementWebflowConfiguration.PasswordManagementPolicyConfiguration#passwordStrengthAuthenticationPostProcessor}
 * and configured in:
 * {@link PasswordManagementWebflowConfiguration.PasswordManagementPolicyConfiguration#passwordManagementAuthenticationExecutionPlanConfigurer}
 *
 * So in order to disable these checks when authenticating users,
 * I've overridden the bean like this:
 */
@Bean
@RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
@ConditionalOnMissingBean(name = "passwordStrengthAuthenticationPostProcessor")
public AuthenticationPostProcessor passwordStrengthAuthenticationPostProcessor() {
    // No-op post-processor: the weak-password check is skipped entirely
    return AuthenticationPostProcessor.none();
}


I think there should be another configuration that enables/disables this
post processor, other than the password-policy-pattern, which is in tandem
with password management's reset functionality.

Thank you and have a nice day.
YG

-- 
- Website: https://apereo.github.io/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
To view this discussion visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/2ecc0260-e0bb-418b-983e-fc6a3ef62201n%40apereo.org.
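To make concrete what the policy pattern quoted in the post actually rejects, here is a small added example (my own code, not CAS's) that applies the same regex to constructed sample passwords and spells out which requirement each one fails. The two matching modes are an assumption: the post does not say whether CAS matches the whole password or only searches for a match, and with this pattern that decides whether passwords longer than 10 characters are reported as weak.

```python
import re

# Pattern copied verbatim from the cas.authn.pm.core.password-policy-pattern
# value in the post above.
POLICY_PATTERN = r"^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[$@$!%*?&])[A-Za-z\d$@$!%*?&]{8,10}"
SPECIALS = "$@!%*?&"
ALLOWED_CHAR = re.compile(r"[A-Za-z\d$@!%*?&]")


def is_weak(password: str, whole_string: bool = True) -> bool:
    """Return True when the policy pattern rejects `password`.

    whole_string=True mirrors Java Matcher.matches(): the whole input must
    match, so {8,10} caps the length at 10 even without a '$' anchor.
    whole_string=False mirrors lookingAt()/find(): a match on the first
    8-10 characters is enough. Which call CAS uses is an assumption to check
    in the source; the post does not say.
    """
    regex = re.compile(POLICY_PATTERN)
    matched = regex.fullmatch(password) if whole_string else regex.match(password)
    return matched is None


def explain(password: str) -> list[str]:
    """List every requirement of the pattern that `password` fails (whole-string
    semantics); an empty list means it passes."""
    problems = []
    if not re.search(r"[a-z]", password):
        problems.append("no lowercase letter")
    if not re.search(r"[A-Z]", password):
        problems.append("no uppercase letter")
    if not re.search(r"\d", password):
        problems.append("no digit")
    if not any(c in SPECIALS for c in password):
        problems.append("no special character from " + SPECIALS)
    if not 8 <= len(password) <= 10:
        problems.append(f"length {len(password)} outside 8..10")
    bad = sorted({c for c in password if not ALLOWED_CHAR.fullmatch(c)})
    if bad:
        problems.append("characters outside the allowed set: " + "".join(bad))
    return problems


if __name__ == "__main__":
    # Constructed sample passwords, not real credentials.
    for pw in ("Passw0rd!", "password1!", "Short1!", "Passw0rd-!", "Passw0rd!!!!"):
        print(f"{pw!r}: weak={is_weak(pw)} find_weak={is_weak(pw, False)} {explain(pw)}")
```

Note that under whole-string matching a 12-character password with every character class present is still reported as weak purely because of the {8,10} cap, which is worth knowing before deciding whether the check, rather than the pattern, is what needs changing.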