Keycloak set password policy via Rest API
Question
I would like to update/add password policy through Keycloak RestAPI.
I went through the docs, but it looks like that I may only retrieve the list of password policy through APIs. Any other possible way so that I can handle the password policy through Rest API?
https://www.keycloak.org/docs-api/11.0/rest-api/index.html#_serverinforepresentation
https://www.keycloak.org/docs-api/11.0/rest-api/index.html#_passwordpolicytyperepresentation
I am using Keycloak 11.
Update: I managed to figure out that the password policy values are located inside the password policy column under Realm table. I think that I might need to restart Keycloak, or clear Keycloak cache using Keycloak Rest API (POST /{realm}/clear-realm-cache) on https://www.keycloak.org/docs-api/11.0/rest-api/index.html to make it work once I update the table.
1 answers
solution1
3 ACCPTED 2021-03-31 10:13:36
You can use Keycloak Rest API :
To get the list of the password policies being used by the Realm, namely:
GET <KEYCLOAK_HOST>/auth/admin/realms/<YOUR_REALM>
from the JSON response extract the field:
passwordPolicy
For the following policies:
you would get the following response:
length(8) and hashIterations(27500)
And if you want to add/update a given policy
PUT <KEYCLOAK_HOST>/auth/admin/realms/<YOUR_REALM>
with the appropriate data parameter. For instance, let us say that from the previous example you want to update the "Minimum length" policy to 10 instead of 8, then the data to be send in the PUT request would be:
'{"passwordPolicy":"length(10) and hashIterations(27500)"}'
For those that are interested I have scripts for the aforementioned actions in this git repo .
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.