Uploaded image for project: 'camunda BPM'
  1. camunda BPM
  2. CAM-9929

I can implement a password policy for engine-managed users

    XMLWordPrintable

Details

    • Feature Request
    • Resolution: Fixed
    • L3 - Default
    • 7.11.0, 7.11.0-alpha3
    • None
    • engine
    • None

    Description

      • Define a public API interface PasswordPolicy that exposes a password validation method
      • The password policy is evaluted by the db-based identity provider whenever a user is created
      • Create a default implementation => check for best practices guides, e.g. OWASP
      • default password policy is disabled by default
      • there is a boolean engine configuraiton property to enable the password policy; throw an exception if this value is set to true but no password policy is defined
      • the demo users of the distros should still have the short passwords that they have now

      mgm-controller-panel

        This is the controller panel for Smart Panels app

        Attachments

          Issue Links

            is depended on by

            Bug Report - A problem which impairs or prevents the functions of the product. CAM-10182 IdentityService#getPasswordPolicy is not functional

            • L3 - Default - Minor issue or issue with existing workaround, feature requests and questions
            • Closed

            Feature Request - A new feature of the product, which has yet to be developed. CAM-9893 I can define a password policy for engine-managed users

            • L3 - Default - Minor issue or issue with existing workaround, feature requests and questions
            • Closed
            is related to

            Feature Request - A new feature of the product, which has yet to be developed. CAM-9931 In Webapps, passwords are validated against a password policy

            • L3 - Default - Minor issue or issue with existing workaround, feature requests and questions
            • Closed

            Task - A task that needs to be done. CAM-10069 Password policy should be disabled by default

            • L3 - Default - Minor issue or issue with existing workaround, feature requests and questions
            • Closed

            Task - A task that needs to be done. CAM-10074 PasswordPolicy Feedback Implementation

            • L3 - Default - Minor issue or issue with existing workaround, feature requests and questions
            • Closed

            Task - A task that needs to be done. CAM-10075 password-policy REST endpoint should not require authorization

            • L3 - Default - Minor issue or issue with existing workaround, feature requests and questions
            • Closed

            Feature Request - A new feature of the product, which has yet to be developed. CAM-9936 I can validate a password against the password policy via REST API

            • L3 - Default - Minor issue or issue with existing workaround, feature requests and questions
            • Closed

            Task - A task that needs to be done. CAM-10114 IdentityService#checkPasswordAgainstPolicy is not intuitive

            • L3 - Default - Minor issue or issue with existing workaround, feature requests and questions
            • Closed

            Task - A task that needs to be done. CAM-10115 Improve tests for IdentityService#checkPasswordAgainstPolicy

            • L3 - Default - Minor issue or issue with existing workaround, feature requests and questions
            • Closed

            Activity

              People

                Unassigned Unassigned
                thorben.lindhauer Thorben Lindhauer
                Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved:

                  Salesforce