Configuring a password policy - PingFederate - 11.0

PingFederate Server

bundle
pingfederate-110
ft:publication_title
PingFederate Server
Product_Version_ce
PingFederate 11.0
category
Product
pf-110
pingfederate
ContentType_ce

PingFederate applies a configurable policy to passwords, pass phrases, and shared secrets defined by administrators in the administrative console.

These fields include, but are not limited to:

  • Passwords used by HTTP Basic authentication for:
    • Inbound SOAP messages from partners via back-channel calls
    • WS-Trust STS
  • Shared secrets used by the credentials defined for:
    • Attribute Query
    • Java Management Extensions (JMX)
    • Connection Management
    • Single sign-on (SSO) Directory Service
  • Passwords used by instances of the Simple Username Password Credential Validator (PCV)
  • Passwords used for encrypting certificates exported with their private keys
  • Pass phrases used by identity provider (IdP) Discovery
  • Passwords used by administrative console credentials when native authentication is used
Note:

Passwords external to PingFederate, such as passwords used by instances of the datastores, are not subject to this password policy.

  1. Edit the <pf_install>/pingfederate/server/default/data/config-store/password-rules.xml file.
  2. Save the changes.
  3. Restart PingFederate.

    For a clustered PingFederate environment, perform these steps on the console node. You do not have to change or restart PingFederate on the engine nodes.