I raised this issue with Adobe and learned that they have configured a password constraint, and that we need to follow that constraint when creating users.
Now the question is: where did Adobe define the constraint for the password policy, and is it a good thing to do?
There is one OSGi configuration in the Felix console, “Apache Jackrabbit Oak Authorizable ActionProvider”.
Fig: Apache Jackrabbit Oak Authorizable ActionProvider
In this configuration, enable “PasswordValidationAction” under “Authorizable Actions” and add the regex under "Configure PasswordValidationAction: Password Constraint".
The ideal constraint defined by Adobe is:
(?\=.*\\d.*)(?\=.*[a-z].*)(?\=.*[A-Z].*)(?\=.*[@#%\\*\\-+\=~\\[\\]{}<>\\?].*).{12,}
This means at least 12 characters, one uppercase letter, one lowercase letter, one digit and one special character.
But it’s completely your choice which regex value you want to configure.
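To see what this constraint accepts before configuring it, here is an added example (not part of the original post and not Adobe's code) that unescapes the value above and tests a few constructed passwords. It assumes the value is printed in its escaped .config form and that the validator requires the whole password to match; the function names are made up for illustration, and Python is used because the constructs in this regex behave the same there.

```python
import re

# Value exactly as printed above (assumption: this is the escaped form
# used in OSGi .config files, where "=" and "\" each carry a backslash).
PAGE_VALUE = r"(?\=.*\\d.*)(?\=.*[a-z].*)(?\=.*[A-Z].*)(?\=.*[@#%\\*\\-+\=~\\[\\]{}<>\\?].*).{12,}"

def unescape(value):
    # Remove one level of backslash escaping: "\=" becomes "=",
    # a doubled backslash becomes a single one.
    return re.sub(r"\\(.)", r"\1", value)

# re.ASCII limits \d to 0-9, which is java.util.regex's default behaviour.
CONSTRAINT = re.compile(unescape(PAGE_VALUE), re.ASCII)

# The same four requirements, split out so a rejection can be explained.
CLASSES = {
    "digit": r"\d",
    "lowercase": r"[a-z]",
    "uppercase": r"[A-Z]",
    "special": r"[@#%*\-+=~\[\]{}<>?]",
}

def accepts(password):
    # True only if the whole password satisfies the constraint.
    return CONSTRAINT.fullmatch(password) is not None

def missing(password):
    # Names of the requirements this password does not meet.
    gaps = [name for name, rx in CLASSES.items()
            if not re.search(rx, password, re.ASCII)]
    if len(password) < 12:
        gaps.append("length")
    return gaps

if __name__ == "__main__":
    # Constructed sample passwords, not taken from any real system.
    samples = ["Summer2024", "correcthorsebattery",
               "Password1234!", "Tr4il-Mix#Lantern"]
    for pw in samples:
        print(f"{pw!r:24} accepted={accepts(pw)} missing={missing(pw)}")
```

"Password1234!" is rejected even though it looks compliant, because "!" is not among the special characters listed in the constraint.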
In AEM, by default, we can assign any password to a user. We can restrict this and enforce a strict password validation rule, so that nobody can create users with simple passwords that make accounts easy to compromise.
Note: If you face a similar issue, then yes, this is an AEM issue (I checked in 6.5): the classic UI doesn’t show any error if you don't follow the policy, but the touch UI shows the error notification.
Note: If your servers are managed by you rather than by Adobe, it is always recommended to enable the password constraints on them.