I use Keycloak as an OIDC provider with connected OpenLDAP as user federation. The requirement is that the password history (i.e. the last n passwords) stored in OpenLDAP should be taken into account when the user updates the password via Keycloak. Although we have currently set up a corresponding password policy with password history in OpenLDAP and this also works in OpenLDAP, it does not work in Keycloak: if a user is prompted to reassign their password (e.g. by the required user action "Update password"), they can unfortunately still reuse a password that has already been used.
The following options have been set in Keycloak:
Deactivating the password policy "Regular Expression" unfortunately does not solve the problem.
Has anyone already gotten such a setup to work, or is such a setup even possible, or does anyone have an idea why this does not work as expected?