By: Andrew Nisbet user 18 Jul 2018 at 11:35 p.m. CDT

Hi,

We are evaluating Gluu as a possible IAM solution, and I have a few questions about password functionality that I am hoping someone can answer for me. I can't seem to find anything that explicitly discusses any password options. Is it possible to do the following?

-- Expire a user's password after a period of time (60 or 90 days, for example)
-- Prohibit a user from reusing a password for n number of instances (can't use any of the five previous passwords, for example)

By Michael Schwartz Account Admin 18 Jul 2018 at 11:45 p.m. CDT

You can implement password reset as part of an authentication flow using a Person Authentication interception script. There is an example in [GitHub](https://github.com/GluuFederation/oxAuth/tree/master/Server/integrations/basic.password_expiration).

If you want to hash previous passwords and store them in the user entry, that's certainly possible by making the above interception script a little fancier. You'll probably need to make a custom user attribute called something like g2llcPasswordData. You'll need to add it to the OpenDJ schema, then register it by adding the attribute in oxTrust. Check the docs for adding custom attributes to the Gluu Server.

Remember, the Gluu Server is not an IDM platform. Password reset is normally in the wheelhouse of IDM--i.e. add, edit, delete user information, and connecting to various systems that need that data. The Gluu Server, which is an access management platform, is a consumer of identity data from the IDM system. Typically the interface between the Gluu Server and the IDM is [SCIM](https://tools.ietf.org/html/rfc7644#section-3.2).

With that said, automating password reset at login is one of the cases where IDM and IAM intersect.
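
The expiry and password-history checks discussed in this thread, as an added Python 3 example that is not part of the original posts and is not taken from the Gluu project or the linked script. It assumes the custom attribute holds a JSON list of salted PBKDF2 hashes, newest first; that layout, the function names and the constants are all hypothetical, and the code does not use Gluu's interception-script API.

```python
# Added illustration: standalone policy logic with an assumed JSON attribute layout.
import hashlib, hmac, json, os, time

HISTORY_DEPTH = 5              # hashes kept, including the current password
MAX_AGE_SECONDS = 90 * 86400   # force a reset after 90 days
PBKDF2_ROUNDS = 600_000        # default work factor for new entries


def _digest(password, salt, rounds):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)


def is_expired(attr_value, now=None):
    """True when the newest history entry is older than MAX_AGE_SECONDS."""
    entries = json.loads(attr_value or "[]")
    if not entries:
        return True  # no recorded password change: treat as expired
    now = time.time() if now is None else now
    return now - entries[0]["set_at"] > MAX_AGE_SECONDS


def is_reused(attr_value, candidate):
    """Check candidate against every stored entry, using that entry's own salt."""
    reused = False
    for e in json.loads(attr_value or "[]"):
        d = _digest(candidate, bytes.fromhex(e["salt"]), e["rounds"])
        # Constant-time compare and no early exit, so timing does not
        # reveal which history slot matched.
        reused |= hmac.compare_digest(d, bytes.fromhex(e["hash"]))
    return reused


def record_password(attr_value, new_password, now=None, rounds=PBKDF2_ROUNDS):
    """Return the updated attribute value, or raise ValueError on reuse."""
    if is_reused(attr_value, new_password):
        raise ValueError("password matches one of the last %d" % HISTORY_DEPTH)
    salt = os.urandom(16)
    entry = {"set_at": time.time() if now is None else now,
             "salt": salt.hex(), "rounds": rounds,
             "hash": _digest(new_password, salt, rounds).hex()}
    entries = [entry] + json.loads(attr_value or "[]")
    return json.dumps(entries[:HISTORY_DEPTH])  # oldest hashes age out
```

Storing the round count with each entry lets the work factor be raised later without invalidating older history entries.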