Configuring Password Patterns¶

WSO2 Identity Server enables defining custom password policies and enforcing them at the point of user creation. This enables complying with password policies that are deemed necessary through various regulations.

Scenario¶

Pickup is a cab company that has many employees who use different credentials to sign in to different internal enterprise applications. Sam, who is an administrator at Pickup, wants to enforce the following password pattern:

• Minimum password length: 6
• Maximum password length: 12
• Must contain at least 1 lowercase alphabetical character
• Must contain at least 1 uppercase alphabetical character
• Must contain at least 1 numeric character
• Must contain at least one special character out of the !@#$%&* characters

Set up¶

Follow the steps below to define the password policy that Sam wants to enforce.

1. On the Main menu of the Management Console, click Identity > Identity Providers > Resident.

   

2. Under Password Policies, click Password Patterns.

   

3. Enter the required values as given below.

   

   Field	Description	Sample Value
   Enable Password Policy Feature	This enables password patterns in WSO2 Identity Server.	Selected
   Password Policy Min Length	This is the minimum password length allowed.	6
   Password Policy Max Length	This is the maximum password length allowed.	12
   Password Policy Pattern	This is the allowed password pattern.	^((?=.\d)(?=.[a-z])(?=.[A-Z])(?=.[!@#$%&*])).{0,100}$
   Password Policy Error Message	This appears when the password violates the defined password pattern.	'Password pattern policy violated! The password should contain a digit [0-9], a lower case letter [a-z], an upper case letter [A-Z], and one of the !@#$%&* characters.'

Try out¶

1. On the Main menu of the Management Console, click Identity > Users and Roles > Add.

2. Click Add New User.

3. Enter Alex as the user name and test123 as the password.

4. Click Finish. Note that the error message that you added for the password pattern appears.