Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/deshankoswatte/identity-custom-password-policy-handler
Custom password policy handler (provides restriction when the password is commonly used or it contains user claims) using the WSO2 Event Handlers framework
event-handlers password-policy passwords wso2 wso2-event-handler wso2-identity-server wso2-password-validators
Last synced: 26 days ago
- Host: GitHub
- URL: https://github.com/deshankoswatte/identity-custom-password-policy-handler
- Owner: deshankoswatte
- License: apache-2.0
- Created: 2021-07-16T07:00:46.000Z (over 3 years ago)
- Default Branch: main
- Last Pushed: 2021-09-08T15:00:43.000Z (over 3 years ago)
- Last Synced: 2024-12-19T17:07:11.317Z (about 1 month ago)
- Topics: event-handlers, password-policy, passwords, wso2, wso2-event-handler, wso2-identity-server, wso2-password-validators
- Language: Java
- Homepage:
- Size: 103 KB
- Stars: 0
- Watchers: 2
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# identity-custom-password-policy-handler
A custom event handler to restrict the use of common passwords and claim value based passwords.
## Prepare
### WSO2 Identity Server
Find and open the `deployment.toml` file located at `/repository/conf/` and append the following lines to
register the event handler and its subscriptions.

```
[[event_handler]]
name = "customPasswordPolicyHandler"
subscriptions = ["PRE_UPDATE_CREDENTIAL", "PRE_UPDATE_CREDENTIAL_BY_ADMIN", "PRE_ADD_USER"]
[event_handler.properties]
enableCommonPasswordRestriction = true
enableClaimBasedPasswordRestriction = true
restrictedClaims = ["http://wso2.org/claims/username", "http://wso2.org/claims/fullname", ...]
```

### Clone and Build
Clone and build the project by executing the following commands sequentially:
```
git clone https://github.com/deshankoswatte/identity-custom-password-policy-handler.git
# Build from inside the cloned repository
cd identity-custom-password-policy-handler
mvn clean install
```

### Deploy
1. After successfully building the project, copy the artifacts `com.wso2.password.policy.handler-1.0.0-SNAPSHOT.jar`
and `com.wso2.common-1.0.0-SNAPSHOT.jar` from the target folder and paste them inside
the `/repository/components/dropins` folder.
2. Then, copy the `` file and paste it
in `/repository/deployment/server/commonpasswords` (Note: You should create the directory `commonpasswords`
if it does not exist). You can find a sample common passwords file named `` at `target/classes`.
3. Finally, add the property `-DcommonPasswordFileName="" \` to the `wso2server.sh`
file **if you want to use a custom common passwords file other than the default one**.

You can add the following to the `/bin/wso2server.sh` based on your requirement **(if you want to use the
DB-based common password validator only)**:

- `-DenableDBBasedCommonPasswordValidator=true \` - If you want to activate the DB-based common password validator.
- `-DenableCustomPasswordInsert=true \` - If you have inserted new data to the `` file.
- `-DenableCustomPasswordDelete=true \` - If you want to drop the common password repository on component deactivation.

## Run
Start your WSO2 Identity Server by executing the command `sh wso2server.sh` from your `/bin` folder.
## Test
### Scenario Reproduction Steps
1. Create a user/Update a user's password with a common password such as `1234` or a claim related password such as the
username itself.
2. The user will get a prompt saying that the password contains security vulnerabilities and that another
password must be used instead.

### Tested Environment Details
```
Operating System - Ubuntu 20.04
Java Version - 1.8
Identity Server Versions - IS-5.11.0
```