Project

General

Profile

Actions

Task #2679

closed

Change minimum number of days for password validity check

Added by Vladimír Kotýnek almost 4 years ago. Updated over 3 years ago.

Status:
Closed
Priority:
High
Assignee:
Radek Tomiška
Category:
Password policy
Target version:
Start date:
02/10/2021
Due date:
% Done:

100%

Estimated time:
24.00 h
Owner:

Description

Requirements: https://wiki.czechidm.com/priv/navrh/selektivni_minimalni_platnost_hesla

In the current version of CzechIdM when the "minimum number of days for password validity" (condition) in password policy is set, password of the user can be changed only once in given number of days. No exceptions.

I'd like to change this behavior to:
  1. if the user changes his/her own password, the condition is mandatory
  2. if the user changes password to some other user (e. g. as an admin, help desk operator, manager...), the condition is never checked. Also during the next password change of this user the condition is not checked too
  3. if the password change comes from the password filter it always equals to the #1 case - the condition is mandatory
  4. if the password has set "must change" flag to true, the condition is never checked

This new behavior should be implicit - admin will not be able to enable the original behavior.

The condition is often used to prevent users from multiple password changes in a row to end up with the same password again. However when the user needs new password to be set by admin and change of the password is requred the condition prevents the user from doing it.


Related issues

Related to IdStory Identity Manager - Feature #2325: REST endpoint and behavior for password filterClosedOndřej Kopr06/16/202008/31/2020

Actions
Related to IdStory Identity Manager - Task #2714: Password policy: Implement BE bulk action for delete password policyClosedRadek Tomiška03/09/2021

Actions
Related to IdStory Identity Manager - Task #2738: Prove that password filter reacts properly to PASSWORD_CANNOT_CHANGE result codeRejectedOndrej Husník03/29/2021

Actions
Related to IdStory Identity Manager - Task #2858: Check Minimum number of days when changing password via password filter using superAdminRejectedVladimír Kotýnek06/16/2021

Actions
Actions

Also available in: Atom PDF