Written by ilgrosso
In its journey towards 2.0.0, Apache Syncope has recently introduced support for completely customizable account and password policies.
An account policy defines what usernames should look like: minimum / maximum length, forbidden values and so on.
A password policy does a similar job, but with password values.
Up to Apache Syncope 1.2 there are several predefined options for both policy types, which can also be configured from the admin console, as shown in the project's wiki.
But we know that customers' imagination is endless, especially when it comes to dealing with internal organization, workflows and security aspects.
I have prepared a sample project which contains:
$ git clone firstname.lastname@example.org:ilgrosso/SyncopeCustomPolicyRules.git
$ cd SyncopeCustomPolicyRules
$ mvn clean install
$ cd console
$ mvn -P embedded
At this point Apache Syncope is up and running; you can verify by pointing your browser to http://localhost:9080/syncope/doc/.
I have also set up some quite self-explanatory client code which essentially:
With reference to the SyncopeCustomPolicyRules directory created above:
$ cd sample
$ mvn
Sample output of this application can be found here.
The ability to write your own custom account and password policies increases the already wide range of extension points provided by Apache Syncope, in an area which is particularly sensitive from a security standpoint.