Re: UAA : Is anyone utilizing the Password Score Feature


Josh Ghiloni
 

In that vein, it would be nice to be able to specify which characters constitute “special” and to have a list of disallowed characters.

Josh Ghiloni
Senior Consultant
303.932.2202 o | 303.590.5427 m | 303.565.2794 f
jghiloni(a)ecsteam.com<mailto:jghiloni(a)ecsteam.com>

ECS Team
Technology Solutions Delivered
ECSTeam.com<http://ECSTeam.com>

On Jun 3, 2015, at 13:20, Nicholas Calugar <ncalugar(a)pivotal.io<mailto:ncalugar(a)pivotal.io>> wrote:

Hi Sree,

Not sure if this is possible, but maybe instead of requireAtLeastOneSpecialCharacter boolean, you could do minSpecialCharacters int (0-n)? This would allow more rigorous password policies.


Nick


Nicholas Calugar



On Wed, Jun 3, 2015 at 12:00 PM, Sree Tummidi <stummidi(a)pivotal.io<mailto:stummidi(a)pivotal.io>> wrote:

Hi All,

The UAA team is in the process of implementing Password Policy feature<https://www.pivotaltracker.com/story/show/82182984> for users stored in UAA.
The following properties around password strength will be exposed in the YML configuration.

#passwordPolicy:
# minLength: 8
# requireAtLeastOneSpecialCharacter: true
# requireAtLeastOneUppercaseCharacter: true
# requireAtLeastOneLowercaseCharacter: true
# requireAtLeastOneDigit: true

The Password Policy feature is being implemented to support multi-tenant UAA. Each Tenant/Identity Zone will get its own password policy. The password policy for the default zone will be configurable via YML.


UAA currently supports the zxcvbn<https://blogs.dropbox.com/tech/2012/04/zxcvbn-realistic-password-strength-estimation/> style password score. This is currently exposed via the following properties in the YML configuration file. There is an end point<https://github.com/cloudfoundry/uaa/blob/master/docs/UAA-APIs.rst#query-the-strength-of-a-password-post-password-score> for querying the status of the same.

password-policy:

required-score: <int>

We would like to understand if this password score feature is being utilized at all. We don't plan on making this feature multi-tenant and would like to drop this in favor of the new approach which is much more granular and supports multi tenancy.

Thanks,
Sree Tummidi
Sr. Product Manager
Identity - Pivotal Cloud Foundry


_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org<mailto:cf-dev(a)lists.cloudfoundry.org>
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev

Join cf-dev@lists.cloudfoundry.org to automatically receive all group messages.