The Identity Server admin can define custom password policies and enforce them at user creation. This page demonstrates the process of writing a simple custom password policy and enforcing it.

Configuring password policy extensions

  1. Open the identity.xml file found in the <IS_HOME>/repository/conf/identity/ directory and set the org.wso2.carbon.identity.mgt.IdentityMgtEventListener under the <EventListeners> tag to enable="true".

    <EventListener type="org.wso2.carbon.user.core.listener.UserOperationEventListener"
    name="org.wso2.carbon.identity.mgt.IdentityMgtEventListener" orderId="50" enable="true"/>

  2. Open the identity-mgt.properties file found in the <IS_HOME>/repository/conf/identity/ directory and define the following custom classes.

    Password.policy.extensions.1=org.wso2.carbon.identity.mgt.policy.password.DefaultPasswordLengthPolicy
    Password.policy.extensions.1.min.length=6
    Password.policy.extensions.1.max.length=12

    Info: min.length and max.length are the parameters that are passed to the custom password policy class (i.e., DefaultPasswordLengthPolicy). If you have more than one custom class, it can be defined by incrementing the integer as follows (e.g., "Password.policy.extensions.2") and providing the parameters mentioned above if needed.

    Password.policy.extensions.2=org.wso2.carbon.identity.mgt.policy.password.DefaultPasswordNamePolicy

Writing the custom password policy

You can write the custom classes for password policies by extending the org.wso2.carbon.identity.mgt.policy.AbstractPasswordPolicyEnforcer abstract class.

The two methods you need to implement are as follows: 

  • public void init(Map<String, String> params) - This method is used to initialize the configuration parameters.
  • public boolean enforce(Object... args) - This method defines the logic of the policy enforcement.

The custom policies defined are added to a registry at runtime and are enforced in the order given in the configuration file. Therefore, you need to consider the policy enforcement order when defining the configuration.

The following code block is a sample implementation of the two methods:

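// Both methods belong inside the class that extends AbstractPasswordPolicyEnforcer.
// MIN_LENGTH and MAX_LENGTH are int fields of that class; init() needs java.util.Map.
@Override
public void init(Map<String, String> params) {
    // Read the parameters configured in identity-mgt.properties.
    if (params != null && params.size() > 0) {
        // Keep the current value when a parameter is not configured,
        // instead of passing null to Integer.parseInt.
        if (params.get("min.length") != null) {
            MIN_LENGTH = Integer.parseInt(params.get("min.length"));
        }
        if (params.get("max.length") != null) {
            MAX_LENGTH = Integer.parseInt(params.get("max.length"));
        }
    }
}

@Override
public boolean enforce(Object... args) {
    // If null input pass through.
    if (args != null && args.length > 0 && args[0] != null) {
        // The first argument is the password to check.
        String password = args[0].toString();
        if (password.length() < MIN_LENGTH) {
            errorMessage = "Password at least should have " + MIN_LENGTH + " characters";
            return false;
        } else if (password.length() > MAX_LENGTH) {
            errorMessage = "Password cannot have more than " + MAX_LENGTH + " characters";
            return false;
        } else {
            return true;
        }
    } else {
        return true;
    }
}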
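
A pre-deployment check for the Password.policy.extensions.N entries in identity-mgt.properties, added here as an example in Python (it is not WSO2 code): it groups each policy class with its parameters and flags min.length/max.length values that Integer.parseInt in init() would reject, or that contradict each other. The sample properties text is constructed, and com.example.policy.CustomLengthPolicy is a hypothetical class name.

```python
import re

# Constructed sample: entries 1-2 are from the page, 3 (hypothetical class) and 4 are misconfigured.
SAMPLE = """\
Password.policy.extensions.1=org.wso2.carbon.identity.mgt.policy.password.DefaultPasswordLengthPolicy
Password.policy.extensions.1.min.length=6
Password.policy.extensions.1.max.length=12
Password.policy.extensions.2=org.wso2.carbon.identity.mgt.policy.password.DefaultPasswordNamePolicy
Password.policy.extensions.3=com.example.policy.CustomLengthPolicy
Password.policy.extensions.3.min.length=16
Password.policy.extensions.3.max.length=12
Password.policy.extensions.4.max.length=twelve
"""

KEY = re.compile(r"Password\.policy\.extensions\.(\d+)(?:\.(.+))?")

def load_policies(text):
    """Group entries as {index: {"class": name or None, "params": {...}}}."""
    policies = {}
    for raw in text.splitlines():
        key, sep, value = raw.strip().partition("=")
        match = KEY.fullmatch(key.strip())
        if not sep or not match:
            continue  # comments, blank lines and unrelated properties
        entry = policies.setdefault(int(match.group(1)), {"class": None, "params": {}})
        if match.group(2) is None:
            entry["class"] = value.strip()
        else:
            entry["params"][match.group(2)] = value.strip()
    return policies

def lint(policies):
    """Return (index, message) findings in ascending index order."""
    findings = []
    for index in sorted(policies):
        entry, bounds = policies[index], {}
        if not entry["class"]:
            findings.append((index, "parameters set but no policy class defined"))
        for name in ("min.length", "max.length"):
            value = entry["params"].get(name)
            if value is not None and re.fullmatch(r"[+-]?\d+", value):
                bounds[name] = int(value)
            elif value is not None:  # Integer.parseInt in init() would throw here
                findings.append((index, f"{name}={value!r} is not an integer"))
        if len(bounds) == 2 and bounds["min.length"] > bounds["max.length"]:
            findings.append((index, "min.length exceeds max.length"))
    return findings

if __name__ == "__main__":
    print(*lint(load_policies(SAMPLE)), sep="\n")
```

An inverted pair such as entry 3 makes the sample enforce() reject every password, since any input is either shorter than the minimum or longer than the maximum.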

Deploying and configuring the custom password validator

Do the following to deploy and enforce the custom password policy in the WSO2 Identity Server. 

  1. Compile the custom password policy code and get the resulting .jar file. 
  2. Copy the .jar file into the <IS_HOME>/repository/components/dropins folder.