The Keycloak 18/19 documentation states the following in the section on password policies:
After saving the policy, Keycloak enforces the policy for new users and sets an Update Password action for existing users to ensure they change their password the next time they log in.
This does not appear to work as stated. I tried it with both version 18 and 19 Keycloak servers freshly downloaded and running locally. I can create a new user with a password then add a new more restrictive password policy to the realm. The user can still log in with the original password and it does not present me with the update password form. If I create a new user the new password policy does apply correctly.
Am I missing some other configuration step for this feature or is this a defect?
Thanks for any help!