Description of problem:

Currently EPP/JPP only validates passwords by String length. It forces the length to be 6-30.

    addUIFormInput(new UIFormStringInput(PASSWORD, PASSWORD, null).setType(UIFormStringInput.PASSWORD_TYPE)
        .addValidator(MandatoryValidator.class).addValidator(PasswordStringLengthValidator.class, 6, 30));
    addUIFormInput(new UIFormStringInput(CONFIRM_PASSWORD, CONFIRM_PASSWORD, null).setType(UIFormStringInput.PASSWORD_TYPE)
        .addValidator(MandatoryValidator.class).addValidator(PasswordStringLengthValidator.class, 6, 30));

Some customers' requirements are to add other types of validation as well. For example:
- Measure password strength;
- rules for password.

Other features to the security in general could be added:
- Account and password expiration.

This RFE is to allow customers to add custom password rules to their JPP installation and also allow account and password expiration settings.
We need to discuss this one with Marek Posolda and decide if it should be done in OrganizationService or at the PicketLink IDM level.
Regarding the second part of the ticket (account/password expiration), it's being tracked in another Bugzilla and bdaw can provide more details about it.

About the first part, about customizing the rules for password validation, we've had a discussion about the possibilities, and it seems that the best for now would be something as follows:

1) Adapt/extend the current UserConfigurableValidator, which allows the usage of min/max/regex constraints for values based on values from a configuration file, for instance:

    gatein.validators.mycompanypasspolicy.length.min=5
    gatein.validators.mycompanypasspolicy.length.max=50
    gatein.validators.mycompanypasspolicy.regexp=...

2) Extend the User Interface to allow the administrator to enter the name of the configuration entry related to the password policy (mycompanypasspolicy, in this case).

If this sounds reasonable, I'll go ahead and implement a proposal for this feature.
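The configuration-driven check proposed in the comment above, sketched as an added example that is not part of the original thread and is not GateIn's UserConfigurableValidator. The class name PasswordPolicy, the fallback to the existing 6-30 length when a key is absent, and the sample regexp value are assumptions made for illustration; only the property key names come from the comment.

```java
import java.io.IOException;
import java.io.StringReader;
import java.util.*;
import java.util.regex.Pattern;
// Added illustration; PasswordPolicy is a hypothetical class, not GateIn code.
public class PasswordPolicy {
    private final int min, max;
    private final Pattern regexp; // null when the policy defines no regexp

    // Reads gatein.validators.<name>.*; assumes the 6-30 default when a length key is absent.
    PasswordPolicy(Properties props, String name) {
        String prefix = "gatein.validators." + name + ".";
        min = Integer.parseInt(props.getProperty(prefix + "length.min", "6"));
        max = Integer.parseInt(props.getProperty(prefix + "length.max", "30"));
        if (min < 1 || max < min) { // reject a misconfigured policy instead of accepting everything
            throw new IllegalArgumentException("invalid length bounds for policy " + name);
        }
        String re = props.getProperty(prefix + "regexp");
        regexp = (re == null || re.isEmpty()) ? null : Pattern.compile(re);
    }

    // Returns the violated rules; an empty list means the password is accepted.
    List<String> violations(String password) {
        List<String> out = new ArrayList<>();
        int len = password == null ? 0 : password.codePointCount(0, password.length());
        if (len < min || len > max) {
            out.add("length must be between " + min + " and " + max);
        }
        // matches() anchors the whole string, so a partial match cannot satisfy the policy.
        if (regexp != null && (password == null || !regexp.matcher(password).matches())) {
            out.add("does not match the configured regexp");
        }
        return out;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample configuration; the regexp value is an assumption, not from the thread.
        String conf = "gatein.validators.mycompanypasspolicy.length.min=5\n"
            + "gatein.validators.mycompanypasspolicy.length.max=50\n"
            + "gatein.validators.mycompanypasspolicy.regexp=(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z]).*\n";
        Properties props = new Properties();
        props.load(new StringReader(conf));
        PasswordPolicy policy = new PasswordPolicy(props, "mycompanypasspolicy");
        for (String candidate : new String[] {"abc", "alllowercase", "Str0ngEnough"}) {
            System.out.println(candidate + " -> " + policy.violations(candidate));
        }
    }
}
```

The sample regexp avoids backslashes because java.util.Properties treats them as escape characters when loading a file.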
I believe that the regexp approach would cover customers' requirements! It sounds good to me.
PR: https://github.com/gatein/gatein-portal/pull/796
The above PR was merged in upstream.
I tried to apply a few custom policies via .../gatein/configuration.properties and it worked fine. @Juraci Do you have the BZ # for the admin UI for selecting the policies?
Jared, I've just added a new page on the GateIn documentation, under "Configuration > Configuration of custom data validators", but not sure it's in the right place. https://docs.jboss.org/author/display/GTNPORTAL38/Custom+password+policy Would you please review, and let me know if there's anything else pending for me?
This product has been discontinued or is no longer tracked in Red Hat Bugzilla.