Basic Scenario in Keycloak:
- I have a realm (connected to my application)
- a specific user (with roles for my application; e.g. I use the username to send REST requests to the REST API of my application)
- and a password policy (e.g. “Expire Password”)
Use Case:
By default, password policies apply to all users. Now, however, I want to exclude this specific user from the password policies.
Question:
Can I exclude this user from the password policies with out-of-the-box functions in the graphical user interface of the Keycloak Admin Console?
Possible solution attempts:
- There are no default “roles” (e.g. in Admin Console > “Users” > select user > “Role Mapping” > “realm-management” > …) to exclude the user from password policies.
- “Service accounts” (for clients, not users) are excluded from the password policies. Can I simply use a service account to send REST requests to the REST API of my application as described here? (not an out-of-the-box solution, though, since I also need to send REST requests to Keycloak to get info about the service account) keycloak-documentation/service-accounts.adoc at main · keycloak/keycloak-documentation · GitHub
- Apparently, I can also set up the “master” realm to do this, but this is also not out-of-the-box (since you have to use code to fetch the users from the specific realm): java client - Exclude a user with realm-management role from keycloak's password policy - Stack Overflow
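
The service-account approach mentioned in the post, as an added example that is not part of the original post or Keycloak's own code: a caller uses the OAuth 2.0 client credentials grant against the realm's token endpoint and caches the token until shortly before it expires, so no user password (and no password policy) is involved. The base URL, realm, client id, client secret and the `ServiceAccountToken` helper are assumptions made for illustration.

```python
import json
import time
import urllib.parse
import urllib.request


def token_url(base_url, realm):
    # Realm token endpoint; older Keycloak distributions prefix the path with /auth.
    realm = urllib.parse.quote(realm, safe="")
    return f"{base_url.rstrip('/')}/realms/{realm}/protocol/openid-connect/token"


def http_post_form(url, form):
    # Default transport: form-encoded POST, JSON response (HTTP errors raise).
    data = urllib.parse.urlencode(form).encode()
    req = urllib.request.Request(url, data=data, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.loads(resp.read())


class ServiceAccountToken:
    """Hypothetical helper: fetches and caches a service-account access token."""

    def __init__(self, base_url, realm, client_id, client_secret,
                 post=http_post_form, clock=time.monotonic, skew=30):
        self._url = token_url(base_url, realm)
        # The secret should come from a secret store or environment, not source.
        self._form = {"grant_type": "client_credentials",
                      "client_id": client_id,
                      "client_secret": client_secret}
        self._post, self._clock, self._skew = post, clock, skew
        self._token, self._expires_at = None, 0.0

    def get(self):
        now = self._clock()
        if self._token is None or now >= self._expires_at:
            body = self._post(self._url, self._form)
            if "access_token" not in body:
                raise RuntimeError("token endpoint returned no access_token")
            self._token = body["access_token"]
            # Refresh `skew` seconds early so a request never carries a stale token.
            lifetime = max(0, int(body.get("expires_in", 0)) - self._skew)
            self._expires_at = now + lifetime
        return self._token

    def auth_header(self):
        # Header to attach to requests sent to the application's REST API.
        return {"Authorization": "Bearer " + self.get()}
```

The client must be a confidential client with service accounts enabled; the application's REST API then validates the bearer token instead of a username and password.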