Re: UAA : Is anyone utilizing the Password Score Feature

Winkler, Steve (GE Digital) <steve.winkler@...>


From: Nicholas Calugar <ncalugar(a)<mailto:ncalugar(a)>>
Reply-To: "Discussions about Cloud Foundry projects and the system overall." <cf-dev(a)<mailto:cf-dev(a)>>
Date: Wednesday, June 3, 2015 at 12:20 PM
To: "Discussions about Cloud Foundry projects and the system overall." <cf-dev(a)<mailto:cf-dev(a)>>
Cc: CF Developers Mailing List <cf-dev(a)<mailto:cf-dev(a)>>
Subject: Re: [cf-dev] UAA : Is anyone utilizing the Password Score Feature

Hi Sree,

Not sure if this is possible, but maybe instead of requireAtLeastOneSpecialCharacter boolean, you could do minSpecialCharacters int (0-n)? This would allow more rigorous password policies.


Nicholas Calugar

On Wed, Jun 3, 2015 at 12:00 PM, Sree Tummidi <stummidi(a)<mailto:stummidi(a)>> wrote:

Hi All,

The UAA team is in the process of implementing Password Policy feature<> for users stored in UAA.
The following properties around password strength will be exposed in the YML configuration.

# minLength: 8
# requireAtLeastOneSpecialCharacter: true
# requireAtLeastOneUppercaseCharacter: true
# requireAtLeastOneLowercaseCharacter: true
# requireAtLeastOneDigit: true

The Password Policy feature is being implemented to support multi-tenant UAA. Each Tenant/Identity Zone will get its own password policy. The password policy for the default zone will be configurable via YML.

UAA currently supports the zxcvbn<> style password score. This is currently exposed via the following properties in the YML configuration file. There is an end point<> for querying the status of the same.


required-score: <int>

We would like to understand if this password score feature is being utilized at all. We don't plan on making this feature multi-tenant and would like to drop this in favor of the new approach which is much more granular and supports multi tenancy.

Sree Tummidi
Sr. Product Manager
Identity - Pivotal Cloud Foundry

Join to automatically receive all group messages.