Wednesday, January 14, 2015

Adding custom password policy enforcer to WSO2 Identity Server.

1. Lets say, user password should meet the following requirements

* password should have at least one lower case
* password should have at least one upper case
* password should have at least one digit
* password should have at least one special character (!@#$%&*).
* password should have 6-8 characters.

 You can write new custom password enforcer extending the AbstractPasswordPolicyEnforcer class.

1. You can download the java project from following git repository location [i]


2. Build the project (Follow the README.txt).

3. Copy the jar file in to <IS5.0.0_HOME>/repository/components/lib directory.

4. Open the file (<IS5.0.0_HOME>/repository/conf/security/

5. Enable the  identity listener.


6. Disable the default Password.policy.extensions configurations.


7. Add new configuration for custom policy enforcer.


8. Restart the server.

9. Test.

i) user : ajith  password : 1Acws@d  (this password meet above  policy).

ii) user : ajith1 password : 1Acws@dgggg (this password doesn't meet above policy because length is  11.)