Credentials management policy. It specifies the management details for each supported credential type and defines parameters such as credential lifetime. For some credential types it may define very complex schemes, e.g. a complete set of security questions.
This section is a definition of user credentials that midPoint can MANAGE, which mostly means writing or changing the credentials. This section is not directly concerned with authentication or credential reset, but there may be dependencies. E.g. password reset may use the password policy to generate or validate a new password. Also, resource-side passwords need to be defined here to be used by authentication modules.
Name | Type | Multiplicity | Description |
---|---|---|---|
default | container CredentialPolicyType | [0,1] | Common settings applied to all other credential types. |
password | container PasswordCredentialsPolicyType | [0,1] | Structure that specifies policy for password management. |
securityQuestions | container SecurityQuestionsCredentialsPolicyType | [0,1] | Structure that specifies policy for security questions. |
nonce | container NonceCredentialsPolicyType | [0,-1] | Nonce settings used to generate one-time random values. |
attributeVerification | container AttributeVerificationCredentialsPolicyType | [0,1] | |
default
Flags: RAM,runtime
Multiplicity: [0,1]

password
Flags: RAM,runtime
Multiplicity: [0,1]
Structure that specifies policy for password management. It is in fact only a simple reference to a password policy.
This is a credential policy, which means that it controls how credentials are set (stored). It does not control how credentials are used for authentication. That is controlled by the authentication module setting, and in fact this may even be out of our control completely, e.g. when external authentication (SSO) is used.

securityQuestions
Flags: RAM,runtime
Multiplicity: [0,1]

nonce
Flags: RAM,runtime
Multiplicity: [0,-1]

attributeVerification
Flags: RAM,runtime
Multiplicity: [0,1]
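A review check for a `credentials` container against the multiplicities listed in the table, as an added example (not midPoint's own code). The sample policy is constructed, the OID is a placeholder, and the namespace URI and the child elements `maxAge`, `name` and `valuePolicyRef` are assumptions taken from midPoint's common-3 schema rather than from this page.

```python
import xml.etree.ElementTree as ET

NS = "http://midpoint.evolveum.com/xml/ns/public/common/common-3"  # assumed namespace

# Item name -> maximum occurrences, from the table on this page (-1 = unbounded).
MAX_OCCURS = {"default": 1, "password": 1, "securityQuestions": 1,
              "nonce": -1, "attributeVerification": 1}

# Constructed sample, not a real deployment: one password policy and two nonces.
SAMPLE = f"""
<securityPolicy xmlns="{NS}">
  <name>constructed-example</name>
  <credentials>
    <password>
      <maxAge>P180D</maxAge>
      <valuePolicyRef oid="PLACEHOLDER-PASSWORD-POLICY-OID"/>
    </password>
    <nonce><name>mailNonce</name><maxAge>PT15M</maxAge></nonce>
    <nonce><name>resetNonce</name><maxAge>PT5M</maxAge></nonce>
  </credentials>
</securityPolicy>
"""

def check_credentials(xml_text):
    """Return a list of findings for the <credentials> container."""
    root = ET.fromstring(xml_text)
    creds = root.find(f"{{{NS}}}credentials")
    if creds is None:
        return ["no <credentials> container found"]
    findings, counts = [], {}
    for child in creds:
        name = child.tag.split("}", 1)[-1]  # strip the namespace prefix
        counts[name] = counts.get(name, 0) + 1
        if name not in MAX_OCCURS:
            findings.append(f"unknown item <{name}>")
    for name, seen in counts.items():
        limit = MAX_OCCURS.get(name)
        if limit is not None and limit != -1 and seen > limit:
            findings.append(f"<{name}> occurs {seen} times, maximum is {limit}")
    for pw in creds.findall(f"{{{NS}}}password"):
        if pw.find(f"{{{NS}}}valuePolicyRef") is None:  # assumed review rule
            findings.append("<password> has no valuePolicyRef (no password policy referenced)")
    return findings

if __name__ == "__main__":
    print(check_credentials(SAMPLE) or "OK")
```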