OpenAM Custom Password Generator : I told you in a previous post about the OpenLDAP Password Policy Module which allows defining the password complexity rules by configuring an external file. OpenAM-CPG is an OpenAM reset password plugin using the same configuration file rules to generate random passwords .
Lately, one of our clients having OpenLDAP wanted his OpenAM reset password module being able to generate passwords compatible with the Password Policy Module. Fortunately, OpenAM allows the administrator to define a custom class to generate random passwords. So all we had to do, is to develop a class that implements the PasswordGenerator
interface and reads the rules of generation from the OpenLDAP PPM configuration file ppm.conf.
You can find this OpenAM plugin project here : https://bitbucket.org/januadev/openam-cpg
For more information, here is it’s README file :
<strong><em> OpenAM Custom Password Generator (OpenLDAP PPM Compatible) </em></strong>
The CustomPasswodGenerator class is an OpenAM plugin for password generation wich is compatible with the Password Policy Module for OpenLDAP (<a href="https://bitbucket.org/januadev/ppm" rel="nofollow">https://bitbucket.org/januadev/ppm</a>)
<strong> Installation </strong>
- Put CustomPasswordGenerator.class in the following folder of OpenAM web application : WEB-INF/classes
- Put ppm.conf in the following path of OpenAM web application : WEB-INF/classes/com/sun/identity/password/plugins
- In OpenAM set the Password Reset Option value to com.sun.identity.password.plugins.CustomPasswordGenerator (http://docs.forgerock.org/en/openam/11.0.0/admin-guide/index/chap-pwd-reset.html#forgotten-pwd-reset )
<strong> Configuration </strong>
Edit ppm.conf to configure. OpenAM-CPG is compatible with the OpenLDAP Password Policy Module, wich means if you have it, you should just copy it's ppm.conf to the OpenAM web application following path : WEB-INF/classes/com/sun/identity/password/plugins.
JANUA provides better security, build relationships, and enable new cloud, mobile, and IoT offerings from any device or connected thing.
Les derniers articles par Daly (tout voir)
- OpenAM : Saving OAuth2 consent - 14 avril 2016
- OpenAM : Login with email on OpenID Connect provider - 14 octobre 2015
- OpenID Connect with OpenAM - 3 septembre 2015