diff --git a/docs/admin/config-guide/user-password-validation.md b/docs/admin/config-guide/user-password-validation.md new file mode 100644 index 00000000000..e604eceae1f --- /dev/null +++ b/docs/admin/config-guide/user-password-validation.md 
@@ -0,0 +1,106 @@ +--- +tags: + - administration + - configuration + - password +--- + +# Password validation +User password validation can be set to check the password strength, +like the password must have at least one uppercase, or lowercase, number, and +the length of the password. +By default, the password attribute validation is not enabled. + + +## Enable user password validation through Command Line Tool (CLI) +1. Obtain the unique ID, that is inum for `userPassword` attribute. +```shell +/opt/jans/jans-cli/config-cli.py --operation-id get-attributes --endpoint-args pattern:userPassword +``` + +2. Obatin the PatchRequest schema +```shell +/opt/jans/jans-cli/config-cli.py --schema PatchRequest > /tmp/patch.json +``` + +3. Update `/tmp/patch.json` with user password validation details + + - Enter a valid regex expression to check the strength of the password. + - Enter **Minimum length**, the minimum length of a value associated with + this attribute. + - Enter **Maximum length**, the maximum length of a value associated with + this attribute. + Following is the example of having `userPassword` with minimum 8 characters, + maximum 20 characters and should be alphanumeric with special characters. + ```shell + [{ + "op": "add", + "path": "/attributeValidation", + "value": { + "minLength": 5, + "maxLength":15, + "regexp": "^(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z])(?=.*[!@#&()–[{}]:;',?/*~$^+=<>]).{8,20}$" + } + }] + ``` + +4. Execute patch operation for `userPassword` attribute. +```shell +/opt/jans/jans-cli/config-cli.py --operation-id patch-attributes-by-inum --url-suffix="inum:AAEE" --data /tmp/patch.json +``` +![update default authentication method](../../assets/image-pwd-enable-custom-validation-jans-cli.png) + +5. Create a new user using `post-user` operation. + +6. An error notification will be displayed if the password does not match the + validation criteria. + + +## Enable user password validation through Jans Text UI (TUI) + +1. 
When using [Janssen Text-based UI(TUI)](../../config-guide/config-tools/jans-tui/README.md) to configure `userPassword` attribute validation , navigate via +`Auth Server`->`Attributes`->search for `userPassword` attribute->open the attribute details->enable `Enable Custom Validation` field-> Enter a value for `Regular expression`, `Minimum Length` & `Maximum Length` fields->Save +![update default authentication method](../../assets/image-pwd-enable-custom-validation.png) + +2. Create a new user using `Users` TUI menu. + +3. An error notification will be displayed if the password does not match the validation criteria. + + +## Enable user password validation through Jans Config API + +1. Obtain the access token +```shell +curl -k -u ":" https:///jans-auth/restv1/token \ + -d "grant_type=client_credentials&scope=https://jans.io/oauth/config/attributes.write" +``` + +2. Obtain the unique ID, that is inum for `userPassword` attribute. +```shell +curl -k -i -H "Accept: application/json" -H "Content-Type: application/json" \ + -H "Authorization:Bearer " + -X GET https:///jans-config-api/api/v1/attributes?pattern=userPassword +``` + +3. Apply Patch for `userPassword`, use inum as path parameter +- Enter a valid regex expression to check the strength of the password. +- Enter **Minimum length**, the minimum length of a value associated with this attribute. +- Enter **Maximum length**, the maximum length of a value associated with this attribute. + Following is the example of having `userPassword` with minimum 8 characters, maximum 20 characters, and should be alphanumeric with special characters. 
+```shell +curl -k --location --request PATCH 'https:///jans-config-api/api/v1/attributes/' \ + --header 'Content-Type: application/json-patch+json' --header 'Authorization: Bearer ' \ + --data-raw '[{ + "op": "add", + "path": "/attributeValidation", + "value": { + "minLength": 8, + "maxLength":20, + "regexp": "^(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z])(?=.*[!@#&()–[{}]:;'\'',?/*~$^+=<>]).{8,20}$" + } +}]' +``` + +4. Create a new user using `/jans-config-api/mgt/configuser` endpoint. + +5. An error notification will be displayed if the password does not match the validation criteria. \ No newline at end of file diff --git a/docs/assets/image-pwd-enable-custom-validation-jans-cli.png b/docs/assets/image-pwd-enable-custom-validation-jans-cli.png new file mode 100644 index 00000000000..d939b3fbfec Binary files /dev/null and b/docs/assets/image-pwd-enable-custom-validation-jans-cli.png differ diff --git a/docs/assets/image-pwd-enable-custom-validation.png b/docs/assets/image-pwd-enable-custom-validation.png new file mode 100644 index 00000000000..e296fac2921 Binary files /dev/null and b/docs/assets/image-pwd-enable-custom-validation.png differ diff --git a/docs/assets/image-pwd-regex.png b/docs/assets/image-pwd-regex.png new file mode 100644 index 00000000000..d0f993bd3d3 Binary files /dev/null and b/docs/assets/image-pwd-regex.png differ diff --git a/mkdocs.yml b/mkdocs.yml index 3d45ea8385f..ee190546802 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -143,6 +143,7 @@ nav: - SCIM User Resources: admin/config-guide/user-config.md - SCIM Group Management: admin/config-guide/scim-group-config.md - Authentication via Device Flow: admin/config-guide/device-flow-config.md + - Password Validation: admin/config-guide/user-password-validation.md - Database Guide: - admin/reference/database/README.md - RDBMS Erwin Table: admin/reference/database/rdbms-erwin.md
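Review bot: The CLI example in step 3 of user-password-validation.md contradicts the sentence that introduces it: the text says minimum 8 and maximum 20 characters, but the payload sets "minLength": 5 and "maxLength":15 while the regexp ends in .{8,20}, so an admin who copies it gets a 15-character cap the page never mentions. Use 8 and 20 as the Config API example does, or drop the {8,20} bound from the regexp and let minLength/maxLength carry the length rule. In both examples the character class [!@#&()–[{}]:;',?/*~$^+=<>] contains an unescaped [ and ] and an en dash (–) rather than the ASCII hyphen; how the inner brackets parse depends on the regex engine, so escape them (\\[ and \\] inside JSON) and, if a hyphen is intended, put a literal - last in the class. Step 4 of the CLI section hard-codes inum:AAEE although step 1 tells the reader to look the inum up, so show a placeholder there. In the Config API section every curl call passes -k, which turns off TLS certificate verification on requests that carry the client credentials and the bearer token; drop it, or state that it is only for a test host with a self-signed certificate. The step 2 curl in that section is also missing the trailing backslash after -H "Authorization:Bearer ", so -X GET would run as a separate command, and as shown here the host, client credential and token placeholders are empty (https:///, -u ":"). Minor: "Obatin" in CLI step 2, and the JSON patch body is fenced as shell.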
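Review bot: docs/assets/image-pwd-regex.png is added by this patch, but nothing in user-password-validation.md references it; the page only embeds image-pwd-enable-custom-validation-jans-cli.png and image-pwd-enable-custom-validation.png. Either reference it next to the regexp example or leave it out of the commit. Both embedded images also reuse the alt text "update default authentication method", which does not describe a password validation screen, and the new markdown file ends without a trailing newline.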