Password

🎯 Purpose

Traditional password-based authentication that users establish during the web activation process. Passwords serve as a primary authentication factor for web-only users and can be used across both web and mobile platforms.

📋 Password Characteristics

Aspect	Specification	Configuration
Minimum Length	System defined	✅ Configurable by administrator
Complexity Rules	Policy-based	✅ Configurable password requirements
Expiration Period	Time-based	✅ Configurable duration
History Tracking	Previous passwords	✅ Configurable number remembered
Case Sensitivity	Standard	✅ Typically case-sensitive

⚙️ Configuration Parameters

Parameter	Location	Description	Impact
`alwaysAskForPassword`	`allowed.auth.factors`	Forces password requirement for all users	All users must enter password even if other factors available
`PasswordExpiry`	`Common-Configs`	Sets password expiration duration	Users must update password after specified period
`TERMINATE_SESSION_ON_PASS_CHANGE_FLOW`	`Blaze Adapter`	Controls session handling after password change	Determines if user stays logged in after password update

🔄 Password Lifecycle Management

Initial Password Setup

Activation Process: User creates password during web credential activation
Confirmation Required: Password must be entered twice for verification
Policy Validation: System checks password meets complexity requirements
Secure Storage: Password securely hashed and stored in system
Immediate Availability: Password ready for authentication immediately after setup

Password Expiry Management

Expiry Detection: System checks password age during authentication
Expiry Warning: User notified when password is near expiration
Update Required: Expired password triggers mandatory update screen
New Password Entry: User must create new password meeting current policy
Session Handling: System behavior depends on configuration setting

Password Expiry Configuration For Web

Parameter	Location	Description	Default Value
`is.password.set.or.update.enable.on.web`	`Auth Server`	Configuration to allow/disallow password update using Web Authentication flows.	True

📊 Session Continuation Configuration

Configuration Value	Behavior	User Experience
`"NONE"`	Session continues	User remains logged in after password change
`"ALL"`	Session terminates	User must re-authenticate after password change
Default	`"NONE"`	Seamless experience maintained

🎯 Success and Failure Scenarios

✅ Success Scenarios

Valid Password: User enters correct password matching stored hash
Policy Compliance: Password meets all current complexity requirements
Within Expiry: Password is current and not expired
First Factor Complete: Password authentication allows progression to second factor

❌ Failure Scenarios

Failure Type	Cause	System Response	User Action Required
Incorrect Password	Wrong password entered	Authentication failure, attempt counter decremented	User can retry with correct password
Expired Password	Password past expiration date	Update password screen displayed	User must create new password
Account Lockout	Too many failed attempts	Account temporarily blocked	Wait for cooling period or contact admin
Policy Violation	New password doesn't meet requirements	Error message with policy details	User must create compliant password

Password Update Process

Trigger Event: Password expiry detected or user-initiated change
Current Password: User may need to enter existing password for verification
New Password Entry: User creates new password meeting policy requirements
Confirmation: New password entered twice for verification
Validation: System checks password against policy rules
Storage Update: New password hash replaces old password
Session Decision: Continue or terminate session based on configuration

Cross-Platform Usage

Web Authentication: Password used for web portal login
Mobile App: Same password can be used for REL-ID mobile app authentication (if configured)
Consistency: Single password works across all configured platforms
Synchronization: Password changes affect all platforms immediately

Updated 8 days ago