Bug 973835 - Allow customers to customize login validation and accounts expiration
Summary: Allow customers to customize login validation and accounts expiration
Keywords:
Status: CLOSED UPSTREAM
Alias: None
Product: JBoss Enterprise Portal Platform 6
Classification: JBoss
Component: Portal
Version: 6.0.0
Hardware: Unspecified
OS: Unspecified
unspecified
low
Target Milestone: DR01
: 6.2.0
Assignee: Nobody
QA Contact:
URL:
Whiteboard: 6_2 In_Progress
Depends On:
Blocks: 1072150
TreeView+ depends on / blocked
 
Reported: 2013-06-12 21:51 UTC by William Antônio
Modified: 2025-02-10 03:27 UTC (History)
6 users (show)

Fixed In Version:
Clone Of:
: 1072150 (view as bug list)
Environment:
Last Closed: 2025-02-10 03:27:55 UTC
Type: Feature Request
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker GTNPORTAL-3402 0 Major Resolved Allow customers to customize login validation and accounts expiration 2017-08-03 10:58:12 UTC

Description William Antônio 2013-06-12 21:51:18 UTC
Description of problem:

Currently EPP/JPP only validates passwords by String length. It forces the length to be 6-30. 

   addUIFormInput(new UIFormStringInput(PASSWORD, PASSWORD, null).setType(UIFormStringInput.PASSWORD_TYPE)
         .addValidator(MandatoryValidator.class).addValidator(PasswordStringLengthValidator.class, 6, 30));
      
      addUIFormInput(new UIFormStringInput(CONFIRM_PASSWORD, CONFIRM_PASSWORD, null).setType(UIFormStringInput.PASSWORD_TYPE)
         .addValidator(MandatoryValidator.class).addValidator(PasswordStringLengthValidator.class, 6, 30));


Some customers requirements are to add other type of validations as well. For example:

- Measure password strength;
- rules for password.

Other features to the security in general could be added:

- Account and password expiration. 

This RFE is to allow customers to add custom password rules to their JPP installation and also allow account and password expiration settings.

Comment 3 Boleslaw Dawidowicz 2014-01-09 10:41:11 UTC
We need to discuss this one with Marek Posolda and decide if it should be done in OrganizationService or at the PicketLink IDM level.

Comment 4 Juraci Paixão Kröhling 2014-01-22 15:39:00 UTC
Regarding the second part of the ticket (account/password expiration), it's being tracked in another Bugzilla and bdaw can provide more details about it. 

About the first part, about customizing the rules for password validation, we've had a discussion about the possibilities, and it seems that the best for now would be something as follows:

1) Adapt/extend the current UserConfigurableValidator, which allows the usage of min/max/regex constraints for values based on values from a configuration file, for instance:

gatein.validators.mycompanypasspolicy.length.min=5
gatein.validators.mycompanypasspolicy.length.max=50
gatein.validators.mycompanypasspolicy.regexp=...

2) Extend the User Interface to allow the administrator to enter the name of the configuration entry related to the password policy (mycompanypasspolicy , in this case). 

If this sounds reasonable, I'll go ahead and implement a proposal for this feature.

Comment 5 William Antônio 2014-01-22 16:26:38 UTC
I believe that the regexp approach would cover customer' requirements!

It sounds good to me.

Comment 6 Juraci Paixão Kröhling 2014-03-04 17:18:57 UTC
PR: https://github.com/gatein/gatein-portal/pull/796

Comment 7 Peter Palaga 2014-03-11 11:24:10 UTC
The above PR was merged in upstream.

Comment 8 Tomas Kyjovsky 2014-05-28 20:15:47 UTC
I tried to apply few custom policies via .../gatein/configuration.properties and it worked fine.

@Juraci Do you have the BZ # for the admin UI for selecting the policies?

Comment 10 Juraci Paixão Kröhling 2014-09-02 13:58:38 UTC
Jared,

I've just added a new page on the GateIn documentation, under "Configuration > Configuration of custom data validators", but not sure it's on the right place. 

https://docs.jboss.org/author/display/GTNPORTAL38/Custom+password+policy

Would you please review, and let me know if there's anything else pending for me.

Comment 14 Red Hat Bugzilla 2025-02-10 03:27:55 UTC
This product has been discontinued or is no longer tracked in Red Hat Bugzilla.


Note You need to log in before you can comment on or make changes to this bug.