Skip to content
/ custom-password-policy-handler Public

Custom password policy handler (provides restriction when the password is commonly used or it contains user claims) using the WSO2 Event Handlers framework

License

Apache-2.0 license
0 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Algo-Experts/custom-password-policy-handler

BranchesTags

Repository files navigation

identity-custom-password-policy-handler

A custom event handler to restrict the use of common passwords and claim value based passwords.

Prepare

WSO2 Identity Server

Find and open the deployment.toml file located at <IS_HOME>/repository/conf/ and append the following lines to register the event handler, and it's subscriptions.

[[event_handler]]
name= "customPasswordPolicyHandler"
subscriptions =["PRE_UPDATE_CREDENTIAL", "PRE_UPDATE_CREDENTIAL_BY_ADMIN", "PRE_ADD_USER"]
[event_handler.properties]
enableCommonPasswordRestriction = true
enableClaimBasedPasswordRestriction = true
restrictedClaims = ["http://wso2.org/claims/username", "http://wso2.org/claims/fullname", ...]

Clone and Build

Clone and build the project by executing the following commands sequentially:

git clone https://github.com/deshankoswatte/identity-custom-password-policy-handler.git
mvn clean install

Deploy

  1. After successfully building the project, copy the artifacts com.wso2.password.policy.handler-1.0.0-SNAPSHOT.jar and com.wso2.common-1.0.0-SNAPSHOT.jar from the target folder and paste it inside the <IS HOME>/repository/components/dropins folder.
  2. Then, copy the <COMMON_PASSWORDS_FILE_NAME.txt> file and paste it in <IS HOME>/repository/deployment/server/commonpasswords (Note: You should create the directory commonpasswords if it does not exist). You can find a sample common passwords file named <commonpasswords.txt> at target/classes.
  3. Finally, add the property -DcommonPasswordFileName="<COMMON_PASSWORDS_FILE_NAME.txt>" \ to the wso2server.sh file if you want to use a custom common passwords file except the default one.

You can add the following to the <IS HOME>/bin/wso2server.sh based on your requirement (if you want to use the DB-based common password validator only):

  • -DenableDBBasedCommonPasswordValidator=true \ - If you want to activate the DB-based common password validator.
  • -DenableCustomPasswordInsert=true \ - If you have inserted new data to the <COMMON_PASSWORDS_FILE_NAME.txt> file.
  • -DenableCustomPasswordDelete=true \ - If you want to drop the common password repository on component deactivation.

Run

Start your WSO2 Identity Server by executing the command sh wso2server.sh from your <IS HOME>/bin folder.

Test

Scenario Reproduction Steps

  1. Create a user/Update a user's password with a common password such as 1234 or a claim related password such as the username itself.
  2. The user will get a prompt saying that the password contains security vulnerabilities hence requiring to use another password instead.

Tested Environment Details

Operating System - Ubuntu 20.04
Java Version - 1.8
Identity Server Versions - IS-5.11.0

About

Custom password policy handler (provides restriction when the password is commonly used or it contains user claims) using the WSO2 Event Handlers framework

Topics

wso2 event-handlers passwords wso2-identity-server hacktoberfest password-policy wso2-password-validators wso2-event-handler

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

1 fork
Report repository

Contributors 2

  •  
  •  

Languages