Open 10000-ki opened 3 weeks ago
@10000-ki you can set the setting: plugins.security.restapi.password_score_based_validation_strength to one of the values from this ScoreStrength enum as needed. You can read more about zxcvbn here.
@DarshitChanpura
I'm not just talking about scoring, but also similarity check
final boolean similar = strength.getSequence().stream().anyMatch(USERNAME_SIMILARITY_CHECK)
PasswordValidation checks may not always be necessary in some situations (test or internal user).
I thought it would be nice to give the user a choice.
[Triage] Hi @10000-ki, thank you for filing this issue. @willyborankin is taking a look to make sure there is no bug here and will update.
I will take a look at the similarity check. It could be that I misunderstood how the library works.
Is your feature request related to a problem?
The OpenSearch default auth id/password validation criteria are pretty strict.
For things like scoring and similarity checks, the error messages are also vague compared to regular expression checks, making it difficult for users to know exactly what to do to fix the problem.
What solution would you like?
I'd like to see an option to make the scoring and id/password similarity check validation optional. Like this
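An added sketch, not the plugin's code and not part of the thread: it uses zxcvbn4j (`com.nulabinc.zxcvbn`) to run the score check and the username similarity check as two separate steps, each with its own rejection reason. The `validate` method, the `Result` record, the `checkSimilarity` flag and the body of the predicate are assumptions made for illustration; only the `anyMatch(USERNAME_SIMILARITY_CHECK)` call shape comes from the line quoted above.

```java
import com.nulabinc.zxcvbn.Strength;
import com.nulabinc.zxcvbn.Zxcvbn;
import com.nulabinc.zxcvbn.matchers.Match;

import java.util.List;
import java.util.function.Predicate;

public class PasswordCheckDemo {
    // Assumption: a match counts as "similar to the username" when zxcvbn found it
    // in the dictionary built from the caller-supplied inputs ("user_inputs").
    static final Predicate<Match> USERNAME_SIMILARITY_CHECK =
        m -> m.pattern == com.nulabinc.zxcvbn.Pattern.Dictionary
            && "user_inputs".equals(m.dictionaryName);

    // Hypothetical result type: names the check that failed instead of a generic error.
    record Result(boolean accepted, String reason) {}

    // minScore is a zxcvbn score threshold (0-4); checkSimilarity is a hypothetical
    // opt-out flag of the kind the issue asks for.
    static Result validate(String username, String password, int minScore, boolean checkSimilarity) {
        // The username is passed as a user input so zxcvbn treats it as a known word.
        Strength strength = new Zxcvbn().measure(password, List.of(username));

        if (strength.getScore() < minScore) {
            return new Result(false, "score " + strength.getScore() + " is below " + minScore
                + "; zxcvbn warning: " + strength.getFeedback().getWarning());
        }
        if (checkSimilarity && strength.getSequence().stream().anyMatch(USERNAME_SIMILARITY_CHECK)) {
            return new Result(false, "password contains the username");
        }
        return new Result(true, "ok");
    }

    public static void main(String[] args) {
        // Constructed sample credentials, not taken from the issue.
        String user = "svc-reporting";
        String embedsUser = "svc-reporting-Kx7!qPz2#vLm";

        System.out.println(validate(user, embedsUser, 3, true));   // similarity check on
        System.out.println(validate(user, embedsUser, 3, false));  // similarity check off
        System.out.println(validate(user, "abc123", 3, true));     // fails on score first
    }
}
```

Requires Java 16 or later for the `record` and the zxcvbn4j library on the classpath.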