March 29, 2020

How to set password policy for AEM Users

Adobe was the one who was handling servers, and one day when I was trying to create users in AEM via the classic UI, there was no error while creating users, but when I searched for that particular user, I could not find the user.

I raised this issue with Adobe and got to know that they had made a configuration for a password constraint, and while making users we need to follow that constraint.

Now the question is: where did Adobe define the constraint for the password policy, and is it a good thing to do?

There is an OSGi configuration in the Felix console called “Apache Jackrabbit Oak Authorizable ActionProvider”.

Fig: Apache Jackrabbit Oak Authorizable ActionProvider

In this configuration, enable the “PasswordValidationAction” in the “Authorizable Actions” and add the regex in "Configure PasswordValidationAction: Password Constraint".
The ideal constraint defined by Adobe is:
(?\=.*\\d.*)(?\=.*[a-z].*)(?\=.*[A-Z].*)(?\=.*[@#%\\*\\-+\=~\\[\\]{}<>\\?].*).{12,}
This means at least 12 characters, one uppercase letter, one lowercase letter, one digit and one special character.

But it’s completely your choice which regex value you want to configure.
In AEM, by default, we can assign any password to a user. But we can restrict this and force a strict password validation rule on users to increase security, so that nobody can create users with simple passwords that make accounts easy to hack.
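
The constraint above checked against a few constructed passwords, as an added example that is not part of the original post and is not AEM or Oak code. It assumes the value is unescaped before it is compiled (\= becomes =, \\ becomes \) and that the whole password must match; the class and method names are hypothetical.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Pattern;

public class PasswordConstraintCheck {
    // Assumption: the page's value with its escaping removed ("\=" -> "=", "\\" -> "\").
    // The special-character class is exactly the set listed in the constraint.
    static final String SPECIAL = "[@#%\\*\\-+=~\\[\\]{}<>\\?]";
    static final Pattern CONSTRAINT = Pattern.compile(
        "(?=.*\\d.*)(?=.*[a-z].*)(?=.*[A-Z].*)(?=.*" + SPECIAL + ".*).{12,}");

    // The same five requirements, one pattern each, so a rejection can be explained.
    static final Map<String, Pattern> RULES = new LinkedHashMap<>();
    static {
        RULES.put("digit", Pattern.compile(".*\\d.*"));
        RULES.put("lowercase", Pattern.compile(".*[a-z].*"));
        RULES.put("uppercase", Pattern.compile(".*[A-Z].*"));
        RULES.put("special character", Pattern.compile(".*" + SPECIAL + ".*"));
        RULES.put("length >= 12", Pattern.compile(".{12,}"));
    }

    // Assumption: the whole password has to match, hence matches() and not find().
    static boolean accepted(String password) {
        return CONSTRAINT.matcher(password).matches();
    }

    // Lists the requirements a password does not meet ("-" when it meets all).
    static String missing(String password) {
        StringBuilder sb = new StringBuilder();
        for (Map.Entry<String, Pattern> rule : RULES.entrySet()) {
            if (!rule.getValue().matcher(password).matches()) {
                if (sb.length() > 0) sb.append(", ");
                sb.append(rule.getKey());
            }
        }
        return sb.length() == 0 ? "-" : sb.toString();
    }

    public static void main(String[] args) {
        // Constructed sample passwords, not real credentials.
        // '!' and '$' are not in the constraint's special set, so they do not count.
        String[] samples = {"admin", "Summer2020", "Summer2020!!", "Summer2020$$",
                            "summer-2020-aem", "Summer-2020-Aem"};
        for (String p : samples) {
            System.out.printf("%-16s %-7s missing: %s%n",
                p, accepted(p) ? "accept" : "reject", missing(p));
        }
    }
}
```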

Note: If you face a similar issue, then yes, this is an issue in the AEM classic UI (I checked in 6.5): it doesn’t show any error if you don't follow the policy, but the touch UI shows an error notification.

Note: If your servers are handled not by Adobe but by yourself, it is always recommended to enable the password constraints for the servers.


By aem4beginner
