Password Policy Configuration

Define and implement organization-specific password policies.

You can define customized password rules to strengthen security based on your organization's needs. Configure these rules using either:

Kubernetes deployment: Set the global.userManagement.passwordPolicyRules Helm value.
Docker deployment: Use the CYBUS_AUTH_PASSWORD_POLICY_RULES environment variable.

If not configured, the default password rule is {"min": 5}, which requires passwords to have a minimum length of five characters without any specific character type requirements.

Configuring Password Rules

Configuring Password Rules (Kubernetes)

Open the values.yaml file.
Set the global.userManagement.passwordPolicyRules Helm value to configure your password rules. For a list of all configuration properties, see Password Parameters.

global:
  userManagement:
    passwordPolicyRules: '{"min": 10, "upper": 1, "lower": 1, "numeric": 1, "symbol": 1}'

Upgrade your Helm chart to apply the Helm configuration changes. For more information, see Applying Helm configuration changes.

helm upgrade -n <namespace> <installation-name> -f values.yaml

Verify your configuration.
- Check the auth-server logs for any errors.
- Try creating a new user with a password that does not meet the requirements to test.

Configuring Password Rules (Docker)

Navigate to your Connectware installation directory. If you have used the default values during installation, this is the installation folder: /opt/connectware. The directory contains an .env file that is loaded when starting Connectware.
Open the .env file.
Set the CYBUS_AUTH_PASSWORD_POLICY_RULES environment variable to configure your password rules. For a list of all configuration properties, see Password Parameters.

environment:
  - CYBUS_AUTH_PASSWORD_POLICY_RULES={"min": 10, "upper": 1, "lower": 1, "numeric": 1, "symbol": 1}

Start or restart Connectware. For more information, see Restarting Connectware.
Verify your configuration.
- Check the auth-server logs for any errors.
- Try creating a new user with a password that does not meet the requirements to test.

Password Parameters

The CYBUS_AUTH_PASSWORD_POLICY_RULES variable parameters must contain a properly formatted JSON object. The following parameters are available:

Parameter

Description

Example

min

Minimum total password length

{"min": 8}

lower

Minimum number of lowercase letters

{"lower": 2} for at least two lowercase characters like a or b

upper

Minimum number of uppercase letters

{"upper": 1} for at least one uppercase character like A or B

numeric

Minimum number of numeric digits

{"numeric": 1} for at least one digit like 1 or 2

symbol

Minimum number of special characters

{"symbol": 1} for at least one symbol like $ or #

Parameter values: Each parameter accepts a single integer value.
Optional parameters: All parameters are optional in the JSON object.
Disabled rules: Setting any value to zero (e.g., {"upper": 0}) disables that specific rule.
Character classification: Character classes are evaluated using Unicode Regular Expression category parameters. For details on the exact definition of the character classes, see https://unicode.org/reports/tr18/#General_Category_Property.

Troubleshooting

The environment variable is validated during system startup. If there is a misconfiguration (e.g., JSON syntax error), the auth-server container will fail to start and log an appropriate error message. Check the auth-server container logs for troubleshooting.

PreviousServer Certificates NextJSON Web Tokens

Last updated 9 days ago

Was this helpful?