- Issue created by @bala_28
- 🇮🇳India bala_28 Chennai
As mentioned in Proposed solution adding a patch.
Please validate and share your suggestions. - last update
over 1 year ago Composer require failure - 🇦🇺Australia mingsong 🇦🇺
It is common use case where a user need to login via Drupal authentication when SSO is not available as a backup. Particularly the IDP is managed by third party.
I would suggest a different way to decide whether the password policy should be applied for an external linking user.
Instead of checking if the user is an external linking user, we can depend on whether the password field is accessible. No matter for what reason, as long as the password field is hidden, the password policy should not be forced as user can not change it via a hidden password field.
- Merge request !86Issue #3366169 by bala_28, Mingsong: Apply password policies for SSO users → (Open) created by mingsong
- 🇦🇺Australia mingsong 🇦🇺
Created a MR for the proposal.
For those need a patch to test, here is the patch from the MR.
https://git.drupalcode.org/project/password_policy/-/merge_requests/86.p...
- Status changed to Needs review
5 months ago 12:37am 17 July 2024 - 🇦🇺Australia mingsong 🇦🇺
The CI test failure is irrelevant.
See the following issue for more details of that CI failure.
🐛 Ignore the new user.logout.confirm route in the PasswordPolicyEventSubscriber RTBC
- 🇦🇺Australia mingsong 🇦🇺
The patch from #86 merge request. In case anyone need the patch for local test.
- First commit to issue fork.
- 🇯🇵Japan dc-kinoshita
Thank you for the patch. I am going to check it on my Drupal 9 project.
By the way, how about adding a configuration and admin screen settings like "Apply password policy to external users" so site admins can decide what to do in their particular cases?