UAA : Is anyone utilizing the Password Score Feature

Sree Tummidi

Hi All,

The UAA team is in the process of implementing Password Policy feature
<> for users stored in
The following properties around password strength will be exposed in the
YML configuration.

# minLength: 8
# requireAtLeastOneSpecialCharacter: true
# requireAtLeastOneUppercaseCharacter: true
# requireAtLeastOneLowercaseCharacter: true
# requireAtLeastOneDigit: true

The Password Policy feature is being implemented to support multi-tenant
UAA. Each Tenant/Identity Zone will get its own password policy. The
password policy for the default zone will be configurable via YML.

UAA currently supports the *zxcvbn
password score. This is currently exposed via the following properties in
the YML configuration file. There is an end point
querying the status of the same.


required-score: <int>

We would like to understand if this password score feature is being
utilized at all. We don't plan on making this feature multi-tenant and
would like to drop this in favor of the new approach which is much more
granular and supports multi tenancy.
Sree Tummidi
Sr. Product Manager
Identity - Pivotal Cloud Foundry

Join to automatically receive all group messages.