Uploaded image for project: 'camunda BPM'
  1. camunda BPM
  2. CAM-9929

I can implement a password policy for engine-managed users

XMLWordPrintable

    • Icon: Feature Request Feature Request
    • Resolution: Fixed
    • Icon: L3 - Default L3 - Default
    • 7.11.0, 7.11.0-alpha3
    • None
    • engine
    • None

      • Define a public API interface PasswordPolicy that exposes a password validation method
      • The password policy is evaluted by the db-based identity provider whenever a user is created
      • Create a default implementation => check for best practices guides, e.g. OWASP
      • default password policy is disabled by default
      • there is a boolean engine configuraiton property to enable the password policy; throw an exception if this value is set to true but no password policy is defined
      • the demo users of the distros should still have the short passwords that they have now

        This is the controller panel for Smart Panels app

            [CAM-9929] I can implement a password policy for engine-managed users

            Miklas Boskamp added a comment - 
            when validation fails, mark unfulfilled rules (like described in CAM-10074)
Make placeholders more meaningful, e. g. "DIGIT" is very generic and it is likely that this placeholder is already taken

            see CAM-10074

            Idea: What about implementing a weak password policiy for the invoice example that is compliant with the passwords we already have
Like this we could showcase the password policiy feature and make it more visible

            see CAM-10069

            Miklas Boskamp added a comment - when validation fails, mark unfulfilled rules (like described in CAM-10074) Make placeholders more meaningful, e. g. "DIGIT" is very generic and it is likely that this placeholder is already taken see CAM-10074 Idea: What about implementing a weak password policiy for the invoice example that is compliant with the passwords we already have Like this we could showcase the password policiy feature and make it more visible see CAM-10069

              Unassigned Unassigned
              thorben.lindhauer Thorben Lindhauer
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: