Wednesday, January 14, 2015

Adding a custom password policy enforcer to WSO2 Identity Server

Let's say the user password should meet the following requirements:

* password should have at least one lowercase letter
* password should have at least one uppercase letter
* password should have at least one digit
* password should have at least one special character (!@#$%&*)
* password should have 6-8 characters

You can write a new custom password enforcer by extending the AbstractPasswordPolicyEnforcer class.

1. Download the Java project from the following Git repository location [i].

[i] https://github.com/ajithnv/blog_resources/tree/master/passwordpolicy

2. Build the project (Follow the README.txt).

3. Copy the jar file into the <IS5.0.0_HOME>/repository/components/lib directory.

4. Open the identity-mgt.properties file (<IS5.0.0_HOME>/repository/conf/security/identity-mgt.properties).

5. Enable the identity listener.

Identity.Listener.Enable=true

6. Disable the default Password.policy.extensions configurations.

#Password.policy.extensions.1=org.wso2.carbon.identity.mgt.policy.password.DefaultPasswordLengthPolicy
#Password.policy.extensions.1.min.length=6
#Password.policy.extensions.1.max.length=12
#Password.policy.extensions.2=org.wso2.carbon.identity.mgt.policy.password.DefaultPasswordNamePolicy
#Password.policy.extensions.3=org.wso2.carbon.identity.mgt.policy.password.DefaultPasswordPatternPolicy
#Password.policy.extensions.3.pattern=^((?=.*\\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[!@#$%&*])).{0,100}$

7. Add the new configuration for the custom policy enforcer.

Password.policy.extensions.1=org.sample.policy.CustomPasswordPolicyEnforcer
Password.policy.extensions.1.pattern=^((?=.*\\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[!@#$%&*])).{6,8}$

8. Restart the server.

9. Test.

i) user : ajith password : 1Acws@d (this password meets the above policy).

ii) user : ajith1 password : 1Acws@dgggg (this password doesn't meet the above policy because its length is 11).
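
The pattern from step 7 can also be checked outside the server before restarting. The following is an added example, not code from the linked project, and it uses no WSO2 classes; the class name PatternPolicyCheck and every password other than the two from step 9 are constructed for illustration.

```java
import java.io.IOException;
import java.io.StringReader;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Properties;
import java.util.regex.Pattern;

// Added example: stand-alone check of the step 7 pattern (hypothetical class name).
public class PatternPolicyCheck {

    // The two lines from step 7 as they appear in identity-mgt.properties.
    // Backslashes are doubled once more here because this is a Java string literal.
    static final String CONFIG =
        "Password.policy.extensions.1=org.sample.policy.CustomPasswordPolicyEnforcer\n"
      + "Password.policy.extensions.1.pattern="
      + "^((?=.*\\\\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[!@#$%&*])).{6,8}$\n";

    static Pattern loadPattern() throws IOException {
        Properties props = new Properties();
        props.load(new StringReader(CONFIG));
        // Properties.load turns "\\d" in the file into "\d", which the regex engine expects.
        return Pattern.compile(props.getProperty("Password.policy.extensions.1.pattern"));
    }

    public static void main(String[] args) throws IOException {
        Pattern policy = loadPattern();
        // The first two passwords are from step 9; the rest are constructed edge cases.
        Map<String, Boolean> cases = new LinkedHashMap<>();
        cases.put("1Acws@d", true);       // 7 characters, all four character classes
        cases.put("1Acws@dgggg", false);  // 11 characters, too long
        cases.put("1Ac@d", false);        // 5 characters, too short
        cases.put("1acws@d", false);      // no uppercase letter
        cases.put("1Acwsxd", false);      // no special character
        cases.put("Acws@dx", false);      // no digit
        for (Map.Entry<String, Boolean> c : cases.entrySet()) {
            boolean ok = policy.matcher(c.getKey()).matches();
            System.out.printf("%-12s accepted=%-5b expected=%b%n", c.getKey(), ok, c.getValue());
            if (ok != c.getValue()) {
                throw new AssertionError("unexpected result for " + c.getKey());
            }
        }
    }
}
```

A single backslash before the d in the properties file would be dropped by the loader, leaving a pattern that looks for the letter "d" instead of a digit, which is why the configuration line writes it doubled.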