This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.

Password Policies

The Identity Server admin can define custom password policies and enforce them at user creation. The configuration for the password policy extension is in the {carbon_home}/repository/conf/security/identity-mgt.properties file. You need to enable the identity management listener first by using the following configuration:

Configuration

Identity.Listener.Enable=true

You can define the custom classes in the configuration as follows.

Password.policy.extensions.1=org.wso2.carbon.identity.mgt.policy.password.DefaultPasswordLengthPolicy
Password.policy.extensions.1.min.length=6
Password.policy.extensions.1.max.length=12

Here, min.length and max.length are the parameters that are passed to the custom password policy class (DefaultPasswordLengthPolicy). If you have more than one custom class, define each additional class by incrementing the integer as follows, and provide parameters as shown above if needed.

Password.policy.extensions.2=org.wso2.carbon.identity.mgt.policy.password.DefaultPasswordNamePolicy

Writing Custom Password Policies

You can write the custom classes for password policies by extending the org.wso2.carbon.identity.mgt.policy.AbstractPasswordPolicyEnforcer abstract class.

The two methods you need to implement are:

  • public void init(Map<String, String> params) - This is used to initialize the configuration parameters.
  • public boolean enforce(Object... args) - Logic of policy enforcement.

The custom policies defined are added to a registry at runtime and are enforced in the order given in the configuration file. Hence you need to consider the policy enforcement order when defining the configuration.

Sample implementations of the two methods are as follows:

// MIN_LENGTH and MAX_LENGTH are int fields of the policy class.
@Override
public void init(Map<String, String> params) {
	// Read the parameters configured for this policy in identity-mgt.properties.
	if (params != null && params.size() > 0) {
		MIN_LENGTH = Integer.parseInt(params.get("min.length"));
		MAX_LENGTH = Integer.parseInt(params.get("max.length"));
	}
}

@Override
public boolean enforce(Object... args) {
	// If null (or empty) input, pass through.
	if (args != null && args.length > 0 && args[0] != null) {
		String password = args[0].toString();
		if (password.length() < MIN_LENGTH) {
			// errorMessage is what is reported back when the policy rejects the password.
			errorMessage = "Password should have at least " + MIN_LENGTH + " characters";
			return false;
		} else if (password.length() > MAX_LENGTH) {
			errorMessage = "Password cannot have more than " + MAX_LENGTH + " characters";
			return false;
		} else {
			return true;
		}
	} else {
		return true;
	}
}
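As a further illustration (an added example, not code from WSO2 or from the original page), the class below shows a complete custom policy that takes its own parameters and tolerates missing or malformed values. The package com.example.policy, the class name CharacterClassPolicy, the parameter names min.digits and min.uppercase, and the extension index 3 are all hypothetical; it assumes the Identity Server identity-mgt library is on the classpath.

```java
package com.example.policy; // hypothetical package

import java.util.Map;
import org.wso2.carbon.identity.mgt.policy.AbstractPasswordPolicyEnforcer;

/*
 * Hypothetical registration in identity-mgt.properties; index 3 places it
 * after the length and name policies in the enforcement order:
 *   Password.policy.extensions.3=com.example.policy.CharacterClassPolicy
 *   Password.policy.extensions.3.min.digits=2
 *   Password.policy.extensions.3.min.uppercase=1
 */
public class CharacterClassPolicy extends AbstractPasswordPolicyEnforcer {
    private int minDigits = 1;    // defaults used when a parameter is absent
    private int minUppercase = 1;

    @Override
    public void init(Map<String, String> params) {
        if (params == null) return;
        minDigits = parse(params.get("min.digits"), minDigits);
        minUppercase = parse(params.get("min.uppercase"), minUppercase);
    }

    @Override
    public boolean enforce(Object... args) {
        // Same pass-through convention as the page's sample: nothing to check.
        if (args == null || args.length == 0 || args[0] == null) return true;
        int digits = 0, upper = 0;
        for (char c : args[0].toString().toCharArray()) {
            if (Character.isDigit(c)) digits++;
            else if (Character.isUpperCase(c)) upper++;
        }
        if (digits < minDigits) {
            errorMessage = "Password must contain at least " + minDigits + " digit(s)";
            return false;
        }
        if (upper < minUppercase) {
            errorMessage = "Password must contain at least " + minUppercase + " uppercase letter(s)";
            return false;
        }
        return true;
    }

    // A missing, non-numeric or negative value keeps the default instead of throwing.
    private static int parse(String value, int fallback) {
        if (value == null) return fallback;
        try {
            int n = Integer.parseInt(value.trim());
            return n >= 0 ? n : fallback;
        } catch (NumberFormatException e) {
            return fallback;
        }
    }
}
```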

 
