Add new password policy to validate passwords on login #1

Draft
wants to merge 1 commit into
base: main

Commits on Jul 30, 2024

  1. Add new password policy to validate passwords on login

    Previously, Keycloak would only validate the password policy for new
    users and password changes. However, it may be desired to force all
    existing users to update their passwords when the password policy has
    changed.
    
    To accomplish this, this adds a new ValidateOnLogin password policy
    that can be configured per realm much like the existing password
    policies. When this policy is present, the password of the user will
    be validated against the current password policy on each login. This
    can be done for both local users and users in the LDAP.
    
    When the LDAP is in read-only mode and the password no longer matches
    the policy, an error is shown, but the user is not given the option to
    update their password, as that doesn't work with read-only LDAP.
    Administrators with a read-only LDAP are free to disable the policy on
    login to avoid this.
    
    Currently, users are only shown a generic error message that their
    password no longer matches the policy, but not the exact error.
    This is because I didn't find a way to properly pass the PolicyError up
    to the authenticator which handles the password validation, as the
    policy errors contain parameters (like minimum lower case chars) and
    their error messages are localized based on the user's locale.
    
    Closes keycloak#14150
    
    Signed-off-by: Tobias Kantusch <[email protected]>
    sirkrypt0 committed Jul 30, 2024
    4bfb8c0
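
The login-time decision described in the commit message, modelled as a self-contained Java example. It is added here and is not code from the pull request; every name in it (`Outcome`, `Rule`, `Realm`, `User`, `afterCredentialCheck`, the two sample rules) is hypothetical and none is a Keycloak API. It assumes passwords are stored hashed, so the plaintext can only be checked against the policy at the moment the user submits it.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.function.Predicate;

// Added illustration; all names are hypothetical, none are Keycloak APIs.
public class ValidateOnLoginDemo {
    enum Outcome { LOGIN_OK, REQUIRE_PASSWORD_UPDATE, ERROR_NO_UPDATE_POSSIBLE }

    // One policy rule: an identifier plus the check applied to the plaintext password.
    record Rule(String id, Predicate<String> check) {}

    // validateOnLogin models the per-realm switch the commit message introduces.
    record Realm(List<Rule> rules, boolean validateOnLogin) {}

    // readOnlyStore models a user whose password lives in a read-only LDAP.
    record User(String name, boolean readOnlyStore) {}

    // Runs only after the submitted password matched the stored credential,
    // so a wrong password never reveals anything about the policy.
    static Outcome afterCredentialCheck(Realm realm, User user, String password) {
        if (!realm.validateOnLogin()) return Outcome.LOGIN_OK;
        List<String> failed = new ArrayList<>();
        for (Rule r : realm.rules()) {
            if (!r.check().test(password)) failed.add(r.id());
        }
        if (failed.isEmpty()) return Outcome.LOGIN_OK;
        // The caller only gets a generic outcome; the failed rule ids are
        // logged server-side (an assumption of this example).
        System.err.println("policy violations for " + user.name() + ": " + failed);
        // A read-only store cannot accept a new password, so no update is offered.
        return user.readOnlyStore() ? Outcome.ERROR_NO_UPDATE_POSSIBLE
                                    : Outcome.REQUIRE_PASSWORD_UPDATE;
    }

    public static void main(String[] args) {
        // Constructed sample: the realm tightened its policy after these passwords were set.
        Realm realm = new Realm(List.of(
                new Rule("minLength12", p -> p.length() >= 12),
                new Rule("minLowerCase2",
                        p -> p.chars().filter(Character::isLowerCase).count() >= 2)),
                true);
        User local = new User("alice", false);
        User ldapReadOnly = new User("bob", true);
        System.out.println(afterCredentialCheck(realm, local, "correct-horse-battery"));
        System.out.println(afterCredentialCheck(realm, local, "Summer2019"));
        System.out.println(afterCredentialCheck(realm, ldapReadOnly, "Summer2019"));
    }
}
```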