User with no password expiry (or) password policy specific to user

A-Aravindhan · February 24, 2020, 9:06am

We are using Keycloak as our Identity Management System. We see that the “Password policies” are set at the Realm level and not at the user level.

We have a customer requirement wherein the password policy has to be applied on the user level. We understand that this can open up security concerns, but still want to check if there are any workaround around this use case.

zonaut · March 2, 2020, 12:08pm

Hi,

I don’t think you can do that as is.

Worst case you could set a property for each user which contains a regex or enum type if you have only a fixed number of possibilities.
And then you could create a custom provider that handles the logic for these things.

Topic		Replies	Views
"Expire Password" policy in Custom User Storage Provider Extending the server	4	3500	March 30, 2023
LDAP password expiration warning in Keycloak	1	429	May 23, 2023
"Not Recently Used" password policy not working Configuring the server admin-console , user-federation , ldap	5	1877	May 23, 2023
Users are been forced to change password everyday Configuring the server authentication	0	361	February 13, 2021
Integrating Custom UserStorageProvider with Keycloak for Password Management Extending the server user-federation	1	204	February 1, 2024

User with no password expiry (or) password policy specific to user

Related Topics