Traditional password-based authentication that users establish during the web activation process. Passwords serve as a primary authentication factor for web-only users and can be used across both web and mobile platforms.

Aspect | Specification | Configuration |
---|---|---|
Minimum Length | System defined | ✅ Configurable by administrator |
Complexity Rules | Policy-based | ✅ Configurable password requirements |
Expiration Period | Time-based | ✅ Configurable duration |
History Tracking | Previous passwords | ✅ Configurable number remembered |
Case Sensitivity | Standard | ✅ Typically case-sensitive |

Parameter | Location | Description | Impact |
---|---|---|---|
alwaysAskForPassword | allowed.auth.factors | Forces password requirement for all users | All users must enter password even if other factors available |
PasswordExpiry | Common-Configs | Sets password expiration duration | Users must update password after specified period |
TERMINATE_SESSION_ON_PASS_CHANGE_FLOW | Blaze Adapter | Controls session handling after password change | Determines if user stays logged in after password update |

- Activation Process: User creates password during web credential activation
- Confirmation Required: Password must be entered twice for verification
- Policy Validation: System checks password meets complexity requirements
- Secure Storage: Password securely hashed and stored in system
- Immediate Availability: Password ready for authentication immediately after setup

- Expiry Detection: System checks password age during authentication
- Expiry Warning: User notified when password is near expiration
- Update Required: Expired password triggers mandatory update screen
- New Password Entry: User must create new password meeting current policy
- Session Handling: System behavior depends on configuration setting

Configuration Value | Behavior | User Experience |
---|---|---|
"NONE" | Session continues | User remains logged in after password change |
"ALL" | Session terminates | User must re-authenticate after password change |
Default | "NONE" | Seamless experience maintained |

- Valid Password: User enters correct password matching stored hash
- Policy Compliance: Password meets all current complexity requirements
- Within Expiry: Password is current and not expired
- First Factor Complete: Password authentication allows progression to second factor

Failure Type | Cause | System Response | User Action Required |
---|---|---|---|
Incorrect Password | Wrong password entered | Authentication failure, attempt counter decremented | User can retry with correct password |
Expired Password | Password past expiration date | Update password screen displayed | User must create new password |
Account Lockout | Too many failed attempts | Account temporarily blocked | Wait for cooling period or contact admin |
Policy Violation | New password doesn't meet requirements | Error message with policy details | User must create compliant password |

- Trigger Event: Password expiry detected or user-initiated change
- Current Password: User may need to enter existing password for verification
- New Password Entry: User creates new password meeting policy requirements
- Confirmation: New password entered twice for verification
- Validation: System checks password against policy rules
- Storage Update: New password hash replaces old password
- Session Decision: Continue or terminate session based on configuration

- Web Authentication: Password used for web portal login
- Mobile App: Same password can be used for REL-ID mobile app authentication (if configured)
- Consistency: Single password works across all configured platforms
- Synchronization: Password changes affect all platforms immediately
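
The password change steps and the "NONE"/"ALL" session setting described above, sketched as an added Python example (not REL-ID code). The policy values, the PBKDF2 parameters, the `user` record layout and all function names are assumptions made for illustration; only the two setting values come from this page.

```python
import hashlib
import hmac
import os

# Assumed policy values; the page only says these are administrator-configurable.
# "history" counts remembered passwords, including the current one.
POLICY = {"min_length": 12, "history": 3}
ITERATIONS = 600_000  # assumed PBKDF2 work factor

def hash_password(password, salt=None):
    """Return (salt, digest); a fresh random salt is used for new passwords."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def matches(password, record):
    """Re-derive with the stored salt and compare in constant time."""
    salt, digest = record
    return hmac.compare_digest(hash_password(password, salt)[1], digest)

def policy_errors(password, policy=POLICY):
    errors = []
    if len(password) < policy["min_length"]:
        errors.append("too short")
    classes = [str.islower, str.isupper, str.isdigit, lambda c: not c.isalnum()]
    if not all(any(f(c) for c in password) for f in classes):
        errors.append("needs lower, upper, digit and symbol")
    return errors

def change_password(user, current, new, confirm, terminate_mode="NONE"):
    """user: dict with 'hashes' (newest first) and 'sessions' (set of ids)."""
    if not matches(current, user["hashes"][0]):
        return "incorrect current password"
    if new != confirm:
        return "confirmation mismatch"
    errors = policy_errors(new)
    if errors:
        return "policy violation: " + "; ".join(errors)
    # History tracking: each remembered hash is checked with its own salt.
    if any(matches(new, rec) for rec in user["hashes"][:POLICY["history"]]):
        return "password reused"
    # Storage update: the new hash goes first, the oldest entry falls off.
    user["hashes"] = [hash_password(new)] + user["hashes"][:POLICY["history"] - 1]
    # Session decision: "ALL" forces re-authentication, "NONE" keeps sessions.
    if terminate_mode == "ALL":
        user["sessions"].clear()
    return "changed"
```

With "NONE", a session that was already open before the change remains valid afterwards, which matters when the change is a response to a suspected credential compromise.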