Configuring Password Policies in Keycloak 21.1.2: A Step-by-Step Guide

Anuththara · 3 min read · Sep 21, 2023

By Anuththara Sachini Anandaraj | Software Engineer | 14th August 2023

In the realm of identity and access management, Keycloak provides a robust platform to manage authentication and security protocols for your applications. One crucial aspect of security is setting up effective password policies to ensure that user credentials are strong and well-protected. This guide will walk you through the process of configuring password policies in Keycloak’s user interface.

Step 1: Accessing the Keycloak UI

  1. Log in to your Keycloak admin console.

[Screenshot: Keycloak admin page]

  2. Navigate to the “Authentication” menu from the left-hand sidebar.

[Screenshot: Keycloak Authentication menu]

Step 2: Navigating to Password Policy Settings

  1. Within the “Authentication” menu, click on the “Password Policy” tab.
  2. Here, you’ll be able to set up various password policies to enhance security.
[Screenshot: Keycloak password policies tab]

Step 3: Adding Password Policies

  1. To create a new password policy, click the “Add Policy” button.
[Screenshot: Keycloak 21.0.2 Add Policy button]

Fill in the following details:

  • Minimum Length: Set the minimum length requirement for passwords (e.g., 8 characters).
  • Maximum Length: The maximum number of characters allowed in the password (e.g., 15 characters).
  • Uppercase Characters: Specify the minimum count of uppercase letters (e.g., 1).
  • Lowercase Characters: Specify the minimum count of lowercase letters (e.g., 1).
  • Digits: Specify the minimum count of digits (e.g., 1).
  • Special Characters: Specify the minimum count of special characters (e.g., 1).
  • No Recently Used: Prevents a recently used password from being reused; the value is the number of previous passwords remembered (e.g., 24).
  • Expire Password: The number of days a password stays valid before a new one is required (e.g., 90 days).
  • Regular Expression: Requires that the password match one or more defined regular expression patterns (e.g., ^\S*$, which rejects any whitespace).
  • Password Blacklist: Prevents the use of any password listed in a blacklist file (e.g., password).
  • Not Username: The password cannot match the username (on or off).
  • Not Email: The password cannot match the user’s email address (on or off).
  • Hashing Algorithm: Applies a hashing algorithm to passwords so they are not stored in clear text.
  • Hashing Iterations: The number of times a password is hashed before storage or verification. Default: 27,500.
[Screenshots: Add Policy view and a saved policy in Keycloak 21.1.2]

https://wjw465150.gitbooks.io/keycloak-documentation/content/server_admin/topics/authentication/password-policies.html
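As an added example (not part of the original guide), the policy above expressed the way Keycloak stores it at the realm level, plus a local pre-check that mirrors the same rules so a provisioning script can reject a bad password before calling the server. The provider ids (length, maxLength, upperCase, passwordHistory, forceExpiredPasswordChange, regexPattern, ...) are Keycloak’s own; the policy values, the sample credentials and the one-entry blacklist are constructed from the figures in this guide.

```python
import re

# Values from the guide above (what the Admin UI form asks for).
POLICY = {
    "min_length": 8, "max_length": 15,
    "upper": 1, "lower": 1, "digits": 1, "special": 1,
    "history": 24, "expire_days": 90,
    "regex": r"^\S*$",
    "blacklist": {"password"},  # constructed stand-in for the blacklist file
}

def policy_string(p=POLICY):
    """Build the realm-level `passwordPolicy` value in Keycloak's
    provider-id syntax (the form found in a realm export JSON).
    Hashing algorithm/iterations are left at the realm default here."""
    parts = [
        f"length({p['min_length']})", f"maxLength({p['max_length']})",
        f"upperCase({p['upper']})", f"lowerCase({p['lower']})",
        f"digits({p['digits']})", f"specialChars({p['special']})",
        "notUsername", "notEmail",
        f"passwordHistory({p['history']})",
        f"forceExpiredPasswordChange({p['expire_days']})",
        f"regexPattern({p['regex']})",
    ]
    return " and ".join(parts)

def check_password(pw, username, email, p=POLICY):
    """Local pre-check mirroring the rules above. Returns the list of
    violated rules (empty means the password satisfies them). Keycloak
    still enforces the policy server-side; this only catches mistakes early."""
    errors = []
    if len(pw) < p["min_length"]:
        errors.append("length")
    if len(pw) > p["max_length"]:
        errors.append("maxLength")
    if sum(c.isupper() for c in pw) < p["upper"]:
        errors.append("upperCase")
    if sum(c.islower() for c in pw) < p["lower"]:
        errors.append("lowerCase")
    if sum(c.isdigit() for c in pw) < p["digits"]:
        errors.append("digits")
    # Any character that is neither a letter nor a digit counts as special.
    if sum(not c.isalnum() for c in pw) < p["special"]:
        errors.append("specialChars")
    if not re.fullmatch(p["regex"], pw):  # whole password must match
        errors.append("regexPattern")
    if pw.lower() in p["blacklist"]:       # blacklist compared case-insensitively
        errors.append("passwordBlacklist")
    if pw.lower() == username.lower():
        errors.append("notUsername")
    if pw.lower() == email.lower():
        errors.append("notEmail")
    return errors
```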

Step 4: Saving the Changes

After configuring the desired password policies, click the “Save” button to apply your settings.

Step 5: Creating a User

  1. Return to the Keycloak admin console.
  2. Navigate to the “Users” section.
  3. Click the “Add User” button to create a new user.

Step 6: Setting the Password

  1. In the user’s profile, go to the “Credentials” tab.
  2. Click the “Set Password” button.
  3. Enter the new password that adheres to the password policies you’ve configured.
  4. Click “Set Password” to finalize the change.
[Screenshot: Set Password dialog]

Configuring password policies in Keycloak is an important step in safeguarding your application’s security. By following these simple steps, you can ensure that user passwords meet the desired complexity standards, thereby enhancing the protection of sensitive information. Remember, a strong authentication system starts with strong passwords.
