This documentation is for WSO2 Identity Server 5.0.0.
Page Comparison - Password Policies (v.1 vs v.2) - Identity Server 5.0.0 - WSO2 Documentation

The Identity Server admin can define custom password policies and enforce them at user creation. The configuration for password policy extensions is in the {carbon_home}/repository/conf/security/identity-mgt.properties file. You need to enable the identity management listener first by using the following configuration:

Configuration

Identity.Listener.Enable=true

You can define the custom classes in the configuration as follows.

Password.policy.extensions.1=org.wso2.carbon.identity.mgt.policy.password.DefaultPasswordLengthPolicy
Password.policy.extensions.1.min.length=6
Password.policy.extensions.1.max.length=12

Here, min.length and max.length are the parameters passed to the custom password policy class (DefaultPasswordLengthPolicy). If you have more than one custom class, define each one by incrementing the integer as follows, providing parameters as shown above if needed.

Password.policy.extensions.2=org.wso2.carbon.identity.mgt.policy.password.DefaultPasswordNamePolicy
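
A configuration check for the properties described above, as an added example that is not part of the original page or of WSO2's code. It reads the text of identity-mgt.properties, confirms the listener is enabled, lists the configured policy classes, and flags length parameters that Integer.parseInt would reject or that contradict each other. The function names, the minimal key=value parser, and sorting by the numeric index to show the policy order are assumptions of this example.

```python
import re

# Constructed sample of identity-mgt.properties, not from a real deployment.
SAMPLE = """\
Identity.Listener.Enable=false
Password.policy.extensions.2=org.wso2.carbon.identity.mgt.policy.password.DefaultPasswordNamePolicy
Password.policy.extensions.1=org.wso2.carbon.identity.mgt.policy.password.DefaultPasswordLengthPolicy
Password.policy.extensions.1.min.length=12
Password.policy.extensions.1.max.length=6
"""

EXT_KEY = re.compile(r"^Password\.policy\.extensions\.(\d+)(?:\.(.+))?$")

def parse_properties(text):
    """Minimal key=value reader (assumption): skips blanks and # or ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def as_int(value):
    try:
        return int(value)
    except (TypeError, ValueError):
        return None

def audit(text):
    """Return ([(index, class name)] sorted by index, [findings])."""
    props, policies, findings = parse_properties(text), {}, []
    if props.get("Identity.Listener.Enable", "").lower() != "true":
        findings.append("Identity.Listener.Enable is not set to true")
    for key, value in props.items():
        match = EXT_KEY.match(key)
        if match:
            entry = policies.setdefault(int(match.group(1)), {"class": None, "params": {}})
            if match.group(2) is None:
                entry["class"] = value           # Password.policy.extensions.N=<class>
            else:
                entry["params"][match.group(2)] = value  # ...N.<param>=<value>
    for idx, entry in sorted(policies.items()):
        lo, hi = (as_int(entry["params"].get(n)) for n in ("min.length", "max.length"))
        for name in ("min.length", "max.length"):
            if name in entry["params"] and as_int(entry["params"][name]) is None:
                findings.append(f"extension {idx}: {name} is not an integer")
        if lo is not None and hi is not None and lo > hi:
            findings.append(f"extension {idx}: min.length > max.length rejects every password")
    return [(i, e["class"]) for i, e in sorted(policies.items())], findings
```

Calling `audit(SAMPLE)` on the constructed sample reports the disabled listener and the inverted length bounds; the configuration shown on this page (listener enabled, min.length 6, max.length 12) produces no findings.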

Writing Custom Password Policies

You can write the custom classes for password policies by extending the org.wso2.carbon.identity.mgt.policy.AbstractPasswordPolicyEnforcer abstract class.

The two methods you need to implement are:

  • public void init(Map<String, String> params) - This is used to initialize the configuration parameters.
  • public boolean enforce(Object... args) - Logic of policy enforcement.

The custom policies defined are added to a registry at runtime and are enforced in the order given in the configuration file. Hence you need to consider the policy enforcement order when defining the configuration.

Sample implementations of the two methods are as follows:

@Override
public void init(Map<String, String> params) {
	// Read the limits passed in from the Password.policy.extensions.N.* properties.
	if (params != null && params.size() > 0) {
		MIN_LENGTH = Integer.parseInt(params.get("min.length"));
		MAX_LENGTH = Integer.parseInt(params.get("max.length"));
	}
}

@Override
public boolean enforce(Object... args) {
	// Null or missing input passes through.
	if (args == null || args.length == 0 || args[0] == null) {
		return true;
	}

	String password = args[0].toString();
	if (password.length() < MIN_LENGTH) {
		errorMessage = "Password at least should have " + MIN_LENGTH + " characters";
		return false;
	}
	if (password.length() > MAX_LENGTH) {
		errorMessage = "Password cannot have more than " + MAX_LENGTH + " characters";
		return false;
	}
	return true;
}