Tuesday, September 1, 2015

How to set password validation policy in WSO2 Identity Server


If you need to add custom password policy there are multiple layers you can add that. First one is user-mgt.xml file and other configuration file is identity-mgt.properties file.

If identity management listener is enabled(only), user passwords should be satisfied both both regrEx defined in user-mgt.xml and identity-mgt.properties files. Otherwise we will check user-mgt.xml to validate password policy.

/repository/conf/user-mgt.xml
         
 <Property name="PasswordJavaRegEx">^[\S]{5,30}$</Property>

Following properties will be picked only if we enabled identity listener(Identity.Listener.Enable=true). Otherwise configurations on user management xml will only affect.

/repository/conf/security/identity-mgt.properties
Password.policy.extensions.1.min.length=6
Password.policy.extensions.1.max.length=12
Password.policy.extensions.3.pattern=^((?=.*\\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[!@#$%&*])).{0,100}$

No comments:

Post a Comment