Maximum password length that RH-SSO allows in Password policies

Solution Verified

Environment

  • RH-SSO 7.x

Issue

  • Maximum password length that RH-SSO allows in Password policies.
  • Does RH-SSO have a way in which we can define the maximum length of the password like we set minimum length of password ?
  • Does RH-SSO have any such limitation internally that it maintains regarding the password field?
  • Assuming that there is a way to set a maximum length, and we go ahead and set it - how does it affect the already existing users who may have a longer password than what we define?

Resolution

  • The "Maximum Length" password policy is available in RH-SSO 7.5, whereas in older versions (older than RH-SSO 7.4) it is not available, which means users can have as short, as long, as complex, or as secure a password as they want.
  • If you are running an RH-SSO version older than 7.4 and need the "Maximum Length" password policy, it is recommended to migrate to RH-SSO 7.5.

Root Cause

  • Each new realm created has no password policies associated with it. This means users can have whatever password they feel is suitable for their environment. This is great for development or if you are just learning and playing around with Red Hat Single Sign-On, but pretty much unacceptable in a production environment. Red Hat Single Sign-On has a rich set of password policies you can enable through the Admin Console.
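As an added illustration (not code from this Red Hat article or from the RH-SSO/Keycloak code base), the following Python snippet mirrors what the realm-level policy does: an empty policy, which is what a new realm has, accepts any password, while a policy that combines a minimum and a maximum length rejects passwords outside that range. It assumes the policy is written in the `name(arg) and name(arg)` form that a realm's `passwordPolicy` attribute uses, and that the provider id of the "Maximum Length" policy is `maxLength` (both are assumptions for this example; check your realm export). The sample policy string and passwords are constructed.

```python
import re

# Constructed sample policy string in the assumed realm "passwordPolicy" format.
# "length" is the minimum-length policy, "maxLength" the maximum-length policy
# (provider id assumed), "notUsername" forbids using the username as password.
SAMPLE_POLICY = "length(8) and maxLength(64) and notUsername"

# One policy term: a name, optionally followed by a single integer argument.
_TERM = re.compile(r"\s*([A-Za-z]+)(?:\((\d+)\))?\s*")


def parse_policy(policy: str) -> dict:
    """Parse 'name(arg) and name2 and ...' into {name: int | None}.

    An empty string (the default for a freshly created realm) yields no rules.
    """
    rules = {}
    if not policy.strip():
        return rules
    for term in policy.split(" and "):
        match = _TERM.fullmatch(term)
        if not match:
            raise ValueError(f"unparseable policy term: {term!r}")
        name, arg = match.group(1), match.group(2)
        rules[name] = int(arg) if arg is not None else None
    return rules


def check_password(password: str, username: str, policy: str) -> list:
    """Return the list of policy violations; an empty list means acceptable."""
    rules = parse_policy(policy)
    errors = []
    if "length" in rules and len(password) < rules["length"]:
        errors.append(f"shorter than minimum length {rules['length']}")
    if "maxLength" in rules and len(password) > rules["maxLength"]:
        errors.append(f"longer than maximum length {rules['maxLength']}")
    if "notUsername" in rules and password.lower() == username.lower():
        errors.append("password equals username")
    return errors


if __name__ == "__main__":
    # With no policy (new realm default) a 200-character password is accepted.
    print(check_password("x" * 200, "alice", ""))
    # With the sample policy the same password violates the maximum length.
    print(check_password("x" * 200, "alice", SAMPLE_POLICY))
```

The check runs when a password is being set, so it is the place to see the effect of adding a maximum length; the page itself does not say how an added policy affects passwords that already exist.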

Diagnostic Steps

Refer to Service Provider Interfaces for SPI implementations.

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
