Bug 973835
Summary: | Allow customers to customize login validation and accounts expiration | |||
---|---|---|---|---|
Product: | [JBoss] JBoss Enterprise Portal Platform 6 | Reporter: | William Antônio <wsiqueir> | |
Component: | Portal | Assignee: | Nobody <nobody> | |
Status: | VERIFIED --- | QA Contact: | ||
Severity: | low | Docs Contact: | ||
Priority: | unspecified | |||
Version: | 6.0.0 | CC: | bdawidow, epp-bugs, jpallich, laszlo.van.den.hoek, ppalaga, theute, tkyjovsk | |
Target Milestone: | DR01 | |||
Target Release: | 6.2.0 | |||
Hardware: | Unspecified | |||
OS: | Unspecified | |||
Whiteboard: | 6_2 In_Progress | |||
Fixed In Version: | Doc Type: | Enhancement | ||
Doc Text: |
Previously, the password policy for JBoss Portal was static, and could not be customized. Portal administrators could not adjust the policy based on their requirements. The fix implements a configuration option that allows an Administrator to override the default validation by specifying custom password policies through the configuration.properties file.
|
Story Points: | --- | |
Clone Of: | ||||
: | 1072150 (view as bug list) | Environment: | ||
Last Closed: | Type: | Feature Request | ||
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | --- | Target Upstream Version: | ||
Embargoed: | ||||
Bug Depends On: | ||||
Bug Blocks: | 1072150 |
Description
William Antônio
2013-06-12 21:51:18 UTC
We need to discuss this one with Marek Posolda and decide if it should be done in OrganizationService or at the PicketLink IDM level. Regarding the second part of the ticket (account/password expiration), it's being tracked in another Bugzilla and bdaw can provide more details about it. About the first part, about customizing the rules for password validation, we've had a discussion about the possibilities, and it seems that the best for now would be something as follows: 1) Adapt/extend the current UserConfigurableValidator, which allows the usage of min/max/regex constraints for values based on values from a configuration file, for instance: gatein.validators.mycompanypasspolicy.length.min=5 gatein.validators.mycompanypasspolicy.length.max=50 gatein.validators.mycompanypasspolicy.regexp=... 2) Extend the User Interface to allow the administrator to enter the name of the configuration entry related to the password policy (mycompanypasspolicy , in this case). If this sounds reasonable, I'll go ahead and implement a proposal for this feature. I believe that the regexp approach would cover customer' requirements! It sounds good to me. The above PR was merged in upstream. I tried to apply few custom policies via .../gatein/configuration.properties and it worked fine. @Juraci Do you have the BZ # for the admin UI for selecting the policies? Jared, I've just added a new page on the GateIn documentation, under "Configuration > Configuration of custom data validators", but not sure it's on the right place. https://docs.jboss.org/author/display/GTNPORTAL38/Custom+password+policy Would you please review, and let me know if there's anything else pending for me. |