Password Policy Configuration
Define and implement organization-specific password policies.
You can define customized password rules to strengthen security based on your organization's needs. Configure these rules using either:
Kubernetes deployment: Set the global.userManagement.passwordPolicyRules Helm value.
Docker deployment: Use the CYBUS_AUTH_PASSWORD_POLICY_RULES environment variable.
If not configured, the default password rule is {"min": 5}, which requires passwords to have a minimum length of five characters without any specific character type requirements.
Configuring Password Rules
Configuring Password Rules (Kubernetes)
1. Open the values.yaml file.
2. Set the global.userManagement.passwordPolicyRules Helm value to configure your password rules. For a list of all configuration properties, see Password Parameters.

global:
  userManagement:
    passwordPolicyRules: '{"min": 10, "upper": 1, "lower": 1, "numeric": 1, "symbol": 1}'

3. Upgrade your Helm chart to apply the Helm configuration changes. For more information, see Applying Helm configuration changes.

helm upgrade -n <namespace> <installation-name> <chart> -f values.yaml

4. Verify your configuration.
   - Check the auth-server logs for any errors.
   - To test the policy, try creating a new user with a password that does not meet the requirements.
Password Parameters
The CYBUS_AUTH_PASSWORD_POLICY_RULES variable must contain a properly formatted JSON object. The following parameters are available:
min: Minimum total password length. Example: {"min": 8}
lower: Minimum number of lowercase letters. Example: {"lower": 2} for at least two lowercase characters like a or b
upper: Minimum number of uppercase letters. Example: {"upper": 1} for at least one uppercase character like A or B
numeric: Minimum number of numeric digits. Example: {"numeric": 1} for at least one digit like 1 or 2
symbol: Minimum number of special characters. Example: {"symbol": 1} for at least one symbol like $ or #
Parameter values: Each parameter accepts a single integer value.
Optional parameters: All parameters are optional in the JSON object.
Disabled rules: Setting any value to zero (e.g., {"upper": 0}) disables that specific rule.
Character classification: Character classes are evaluated using Unicode Regular Expression category parameters. For details on the exact definition of the character classes, see https://unicode.org/reports/tr18/#General_Category_Property.
Troubleshooting
The environment variable is validated during system startup. If there is a misconfiguration (e.g., JSON syntax error), the auth-server container will fail to start and log an appropriate error message. Check the auth-server container logs for troubleshooting.
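The parameter list and the startup validation described above can be rehearsed before deployment. The following is an added example, not Cybus code: it parses a rules string and reports which rules a candidate password fails. The mapping of each rule to Unicode general categories (Ll, Lu, Nd, P*/S*), counting length in code points, and rejecting unknown keys or negative values are assumptions of this example.

```python
import json
import unicodedata

# Assumed mapping from rule name to Unicode general categories (not taken
# from the product): Ll, Lu, Nd, and any P* or S* category for symbols.
CLASSES = {
    "lower": lambda c: unicodedata.category(c) == "Ll",
    "upper": lambda c: unicodedata.category(c) == "Lu",
    "numeric": lambda c: unicodedata.category(c) == "Nd",
    "symbol": lambda c: unicodedata.category(c)[0] in "PS",
}
ALLOWED = {"min", *CLASSES}


def parse_policy(raw):
    """Parse a rules string; raise ValueError on malformed input.

    Rejecting unknown keys and negative values is this example's choice.
    """
    try:
        rules = json.loads(raw)
    except json.JSONDecodeError as exc:
        raise ValueError(f"invalid JSON: {exc}") from exc
    if not isinstance(rules, dict):
        raise ValueError("policy must be a JSON object")
    for key, value in rules.items():
        if key not in ALLOWED:
            raise ValueError(f"unknown parameter: {key}")
        # bool is a subclass of int in Python, so reject it explicitly
        if isinstance(value, bool) or not isinstance(value, int) or value < 0:
            raise ValueError(f"{key} must be a non-negative integer")
    return rules


def violations(password, rules):
    """Return the names of the rules the password fails (empty = accepted)."""
    failed = []
    if len(password) < rules.get("min", 0):  # length in code points (assumed)
        failed.append("min")
    for name, in_class in CLASSES.items():
        need = rules.get(name, 0)  # absent or 0 means the rule is disabled
        if need and sum(1 for c in password if in_class(c)) < need:
            failed.append(name)
    return failed


# The default rule and the values.yaml example from this page.
DEFAULT = parse_policy('{"min": 5}')
STRICT = parse_policy('{"min": 10, "upper": 1, "lower": 1, "numeric": 1, "symbol": 1}')
```

Running the intended rules string through parse_policy before the Helm upgrade surfaces a JSON syntax error before it can stop the auth-server container from starting. Comparing violations() under DEFAULT and STRICT shows how little the default rule constrains: a five-character single-class password passes it.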