Configuring a password policy
PingFederate applies a configurable policy to passwords, pass phrases, and shared secrets defined by administrators in the administrative console.
About this task
These fields include, but are not limited to:
-
Passwords used by HTTP Basic authentication for:
-
Inbound SOAP messages from partners via back-channel calls
-
WS-Trust STS
-
-
Shared secrets used by the credentials defined for:
-
Attribute Query
-
Java Management Extensions (JMX)
-
Connection Management
-
Single sign-on (SSO) Directory Service
-
-
Passwords used by instances of the Simple Username Password Credential Validator (PCV)
-
Passwords used for encrypting certificates exported with their private keys
-
Pass phrases used by identity provider (IdP) Discovery
-
Passwords used by administrative console credentials when native authentication is used
|
Passwords external to PingFederate, such as passwords used by instances of the datastores, are not subject to this password policy. |
Steps
-
Edit the
<pf_install>/pingfederate/server/default/data/config-store/password-rules.xmlfile. -
Save the changes.
-
Restart PingFederate.
For a clustered PingFederate environment, perform these steps on the console node. You do not have to change or restart PingFederate on the engine nodes.