[MAGNOLIA-6980] Security Password Policies: Standard "Password Policies" needed in Magnolia (password expiration etc.) Created: 15/Mar/17 Updated: 24/May/23 |
|
| Status: | Open |
| Project: | Magnolia |
| Component/s: | security |
| Affects Version/s: | 5.5.2 |
| Fix Version/s: | None |
| Type: | Improvement | Priority: | Major |
| Reporter: | Christian Ringele | Assignee: | Unassigned |
| Resolution: | Unresolved | Votes: | 5 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||||||||||||||||||||||||||||||
| Template: |
|
||||||||||||||||||||||||||||||||||||
| Acceptance criteria: |
Empty
|
||||||||||||||||||||||||||||||||||||
| Task DoD: |
[ ]*
Doc/release notes changes? Comment present?
[ ]*
Downstream builds green?
[ ]*
Solution information and context easily available?
[ ]*
Tests
[ ]*
FixVersion filled and not yet released
[ ] 
Architecture Decision Record (ADR)
|
||||||||||||||||||||||||||||||||||||
| Date of First Response: | |||||||||||||||||||||||||||||||||||||
| Visible to: |
Joseph Kamwena
|
||||||||||||||||||||||||||||||||||||
| Team: | |||||||||||||||||||||||||||||||||||||
| Description |
|
Magnolia provides only one single "Password Policy":
The possible "Password Policies" should be extended to default possibilities/functionality almost every System offers (even not Enterprise):
Maybe also:
Especially in combination with the PUR module and different types of users (Public Users) such functionality is very important. Public users are in most cases not managed over AD, where some of this behavior could be delegated to. |
| Comments |
| Comment by Sarang Khapli [ 30/Mar/17 ] |
|
any roadmap for this bug fix release ? |
| Comment by Richard Gange [ 04/Aug/17 ] |
|
I think we should also have a min length setting as well. |
| Comment by Christopher Zimmermann [ 15/Jan/19 ] |
|
It would also be good to support forgotten password emails. |
| Comment by Marc Johnen [ 29/Jan/19 ] |
|
Common password policy requirements are also:
|
| Comment by Steven Young [ 03/Oct/19 ] |
|
When "Force expiration time of all passwords" feature planned to release in Magnolia, let us know version/release date for this. |
| Comment by Jürgen Ulrich [ 20/Jan/20 ] |
|
Are there any news about this ticket, if and when this feature is available? Thanks and best |
| Comment by Richard Gange [ 06/May/20 ] |
|
We are looking into it. Let me mention the workaround ideas for this. Typically 3rd party user managers have these different kind of features already integrated. LDAP, AD even Google login is supported now. |
| Comment by Marc Johnen [ 06/May/20 ] |
|
It should be easy enough with something like passay https://www.baeldung.com/java-passay. |