1 Reply Latest reply on Jan 8, 2014 8:30 AM by pcraveiro

what PinketLink API would I use for password creation restrictions?

mazz Jan 2, 2014 3:46 PM

Excuse the newbie question - I did a quick google and scanned through the javadoc but didn't find the answer...

What API should I be looking at, or how should I do this in PicketLink, to allow picketlink to enforce password restrictions when creating or updating passwords? In other words, I want to enforce that all passwords that get created or updated for a user follow a pattern like "must be 8-chars long, must have at least 1 special char and 1 number", etc, etc, etc? I want this configurable - for example, I might want to restrict it to 8-characters minimum, but someone else might want to change it to force the minimum to be 6-characters - someone might want to allow special characters, others might want to restrict it to alphanumeric.

1. Re: what PinketLink API would I use for password creation restrictions?

pcraveiro Jan 8, 2014 8:30 AM (in response to mazz)

Hi,

    There is no way to enforce restrictions to a password OOTB. But you can always provide your own credential handlers/storages:

           Chapter 4. Identity Management - Credential Validation and Management

    Another thing you can do is use ad-hoc attributes to store user preferences and provide the validations in your application. So instead of using directly the IdentityManager you provide your own PasswordManagementService which in turns provide all validations and delegates the update/create to the IdentityManager.

           Chapter 6. Identity Management - Attribute Management

    You can use attributes on Partitions to store global password restrictions and on Users for a more fine-grained control.
Actions