blueprints: add default Password policy #11793

Merged
merged 10 commits into from
Nov 11, 2024

Commits on Oct 25, 2024

  1. add password policy to default password change flow

    This change complies with the minimal compositional requirements by
    NIST SP 800-63 Digital Identity Guidelines. See
    https://pages.nist.gov/800-63-4/sp800-63b.html#password
    
    More work is needed to comply with other parts of the Guidelines,
    specifically
    
    > If the chosen password is found on the blocklist, the CSP or verifier
    > [...] SHALL provide the reason for rejection.
    
    and
    
    > Verifiers SHALL offer guidance to the subscriber to assist the user in
    > choosing a strong password. This is particularly important following
    > the rejection of a password on the blocklist as it discourages trivial
    > modification of listed weak passwords.
    gergosimonyi authored and BeryJu committed Oct 25, 2024
    d9faba8
  2. add docs for default Password policy

    gergosimonyi authored and BeryJu committed Oct 25, 2024
    115c29f
  3. 7586fda
  4. add zxcvbn to default Password policy

    gergosimonyi authored and BeryJu committed Oct 25, 2024
    2942225
  5. add fallback password error message to password policy, fix validation policy

    Signed-off-by: Jens Langhammer <jens@goauthentik.io>
    BeryJu committed Oct 25, 2024
    9065277

Commits on Oct 30, 2024

  1. reword docs

    Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
    Signed-off-by: Simonyi Gergő <28359278+gergosimonyi@users.noreply.github.com>
    gergosimonyi and tanberry authored Oct 30, 2024
    c2b91f5
  2. add HIBP caveat

    Co-authored-by: Jens L. <jens@goauthentik.io>
    Signed-off-by: Simonyi Gergő <28359278+gergosimonyi@users.noreply.github.com>
    gergosimonyi and BeryJu authored Oct 30, 2024
    Configuration menu
    Copy the full SHA
    9154062 View commit details
    Browse the repository at this point in the history

Commits on Nov 6, 2024

  1. separate policy into separate blueprint

    Signed-off-by: Jens Langhammer <jens@goauthentik.io>
    BeryJu committed Nov 6, 2024
    711d224
  2. use password policy for oobe flow

    Signed-off-by: Jens Langhammer <jens@goauthentik.io>
    BeryJu committed Nov 6, 2024
    Configuration menu
    Copy the full SHA
    fac4735 View commit details
    Browse the repository at this point in the history

Commits on Nov 8, 2024

  1. kiss

    Signed-off-by: Jens Langhammer <jens@goauthentik.io>
    BeryJu committed Nov 8, 2024
    41f7ba5