WSO2 Identity Server (IS) allows you to define custom password policies and enforce them at the point of user creation. This topic guides you through configuring a simple custom password policy and enforcing it. You can also have a different password policy for each tenant in a multi-tenant environment.
- Start the WSO2 IS server and login to the management console.
- Click Resident under Identity Providers found in the Main tab of the management console.
- Expand the Password Policies tab.
Expand the Password Patterns tab and select Enable Password Policy Feature. Update the default values and click Update.
Configuring password policies for multiple tenants
To configure this separately for different tenants in a multi-tenant environment, first login with Tenant A credentials and configure the password policy. Next, logout and login again with Tenant B credentials to configure a different policy for Tenant B.
Field Description Default Value Password Policy Min Length This value specifies the minimum length allowed for a password. 6 Password Policy Max Length This value specifies the maximum length allowed for a password. 12 Password Policy Pattern This is a Java based regular expression (regex) that defines a character sequence for the password to follow.
For more information on the password pattern characters and the different patterns you can use, see Java Regex Pattern .
Password Policy Error Message This value specifies the error message that will appear if the password policy is violated at the point of user creation. 'Password pattern policy violated. Password should contain a digit[0-9], a lower case letter[a-z], an upper case letter[A-Z], one of !@#$%&* characters'
- To configure a global password policy that applies to all tenants, you can write a custom password policy using the configuration file instead of through the management console. For more information, see Writing a Custom Password Validator.
- To record user password history, see Password History Validation.