So, I have integrated Keycloak API endpoints in my Symfony project.
Regarding https://ultimatesecurity.pro/post/password-policy/ we have added 'not username' policy to test on creating new user within the app.
The idea is to declare a specific method with a defined endpoint which will do this.
I was checking the documentation and could not find any endpoint that can check for password policy rules --> documentation
Idea for it:
    $options = [
        'headers' => $this->getAuthJsonHeaders()
    ];
    try {
        $endpoint = sprintf('auth/admin/realms/%s/', $this->realm);
        $response = $this->request('GET', $endpoint, $options);
        return $response;
    } catch (\Exception $e) {
        $this->exception('Can`t reset user password on Keycloak. ' . $e->getMessage());
    }
This is what I get when dumping results:
To get the list of the password policies being used by the Realm, you should call the following endpoint:

    GET <KEYCLOAK_HOST>/auth/admin/realms/<YOUR_REALM>

From the JSON response, extract the field passwordPolicy, which, for instance, if you have set Minimum length to 12 and Hashing Iterations to 27500, would be "length(12) and hashIterations(27500)".
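An added example, not part of the answer above and not Keycloak's own code: it parses a passwordPolicy string of the shape shown in the answer and pre-checks a new user's password against the length and notUsername rules before the user is created. The function names parsePasswordPolicy and precheckPassword are hypothetical, and the " and " separator, the id(value) syntax and the exact-match notUsername comparison are assumptions drawn from the string format shown above.

```php
<?php
declare(strict_types=1);

/**
 * Parse a Keycloak passwordPolicy string such as
 * "length(12) and hashIterations(27500)" into [policyId => value|null].
 * Assumption: rules are joined by " and " and written as id or id(value);
 * a value that itself contains " and " is not handled here.
 */
function parsePasswordPolicy(?string $policy): array
{
    $rules = [];
    foreach (explode(' and ', trim((string) $policy)) as $part) {
        $part = trim($part);
        if ($part === '') {
            continue; // empty string: the realm has no password policy set
        }
        $open = strpos($part, '(');
        if ($open === false) {
            $rules[$part] = null; // rule written without a value
            continue;
        }
        // A value may contain parentheses (e.g. a regex), so cut at the last ')'.
        $close = strrpos($part, ')');
        $end = ($close !== false && $close > $open) ? $close : strlen($part);
        $rules[trim(substr($part, 0, $open))] = substr($part, $open + 1, $end - $open - 1);
    }
    return $rules;
}

/** Pre-check only the rules this example knows; returns the ids that failed. */
function precheckPassword(array $rules, string $username, string $password): array
{
    $failed = [];
    if (isset($rules['length']) && ctype_digit($rules['length'])
        && mb_strlen($password) < (int) $rules['length']) {
        $failed[] = 'length';
    }
    // array_key_exists rather than isset: notUsername may carry no value (null).
    if (array_key_exists('notUsername', $rules) && $password === $username) {
        $failed[] = 'notUsername'; // assumption: exact, case-sensitive match
    }
    return $failed;
}

// Constructed sample: the answer's policy string plus the notUsername rule from the question.
$rules = parsePasswordPolicy('length(12) and hashIterations(27500) and notUsername(undefined)');
var_dump($rules);
var_dump(precheckPassword($rules, 'alice', 'alice'));
var_dump(precheckPassword($rules, 'alice', 'correct-horse-battery-staple'));
```

Rules the pre-check does not recognise (hashIterations here) are parsed but not evaluated, so an empty result means only that the known rules passed; the realm's own policy remains the authority.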