Expand my Community achievements bar.

SOLVED

Password policy

Avatar

Level 2

Hi,

below questioned raised by the security audit team. We are using CQ 5.6.1. Is there any way to configure and define the password policy.

  • Password length should be minimum 8 characters.
  • Password complexity should be in place.
  • Last 5 passwords should not be used.
  • Password age should be 45 days.
  • User ids to be locked after 5 unsuccessful login attempts. Also, user should be auto logged off if there is no activity in certain time frame that should be configurable
  • In case of new password allocation, administrator should provide temporary password to user and send confirmation mail after password allocation.
  • Forced password change on first login.

Regards,

Deepak

1 Accepted Solution

Avatar

Correct answer by
Level 2

Hey manage to do it myself its pretty easy.

 

1. Go to Config manager search for "DAY CQSE HTTP Service" , default session timeout is 10 mins, you can changes as per the requirement.

 

Hope this will help others

View solution in original post

8 Replies

Avatar

Level 9

Deepak,

What do you mean by configuration?. These are the simple text messages for the end user. And, can be put using RTE. Now, whether the user follows these instructions or not is part of the validation and validation (server side/client side) would render these messages.

If there is a case where you don't want an author to put same text multiple places then move it to some admin pages and read that common content. By this way, it seems you need to do some extra work.

Regards,

Jitendra

Avatar

Level 2

Hi Jitendra,

I am talking about ACL (User management) when you create an user there is no option to set the password policy for the user to login.

Regards,

Deepak

Avatar

Level 7

Hi Deepak,

 

Please find the below article, this might be helpful for getting you started. After that you can amend as required.

http://experience-aem.blogspot.com.au/2015/09/aem-61-classic-ui-implementing-simple-password-policy....

Avatar

Level 2

Thanks for your response. I am using cq5.6.1. do you have any reference
?

 

Also would like to change user inactive timeout. if user is ideal for 5 mins then system should log him out.

Avatar

Level 7

Though this is AEM 6.1 but this is for classic UI so this should work also for 5.6.1. Kindly try to implement and see if this works for you.

Avatar

Level 2

Thanks I will check this option.

Would like to change user inactive timeout. if user is ideal for 5 mins then system should log him out. How can we achieve this

Avatar

Administrator

Hi 

Answering your first question, 

Validation can be achieve by implementing custom validation using JavaScript.

As it is done in link mentioned by Tuhin :- http://experience-aem.blogspot.in/2015/09/aem-61-classic-ui-implementing-simple-password-policy.html

 

Second question on Timeout:- You can achive this with session timeout.

Link:- http://aemfaq.blogspot.in/2014/10/how-to-set-timeout-for-login-token.html

//

Link:- http://www.tothenew.com/blog/setting-the-timeout-interval-of-a-httpsession/

 

Thanks and Regards

Kautuk Sahni



Kautuk Sahni

Avatar

Correct answer by
Level 2

Hey manage to do it myself its pretty easy.

 

1. Go to Config manager search for "DAY CQSE HTTP Service" , default session timeout is 10 mins, you can changes as per the requirement.

 

Hope this will help others