diff --git a/docs/documentation/server_admin/topics/authentication/flows.adoc b/docs/documentation/server_admin/topics/authentication/flows.adoc index 7605222008..0dc55c1940 100644 --- a/docs/documentation/server_admin/topics/authentication/flows.adoc +++ b/docs/documentation/server_admin/topics/authentication/flows.adoc @@ -407,7 +407,7 @@ in the authentication flow), then {project_name} will throw an error. ==== Registration or Reset credentials requested by client Usually when the user is redirected to the {project_name} from client application, the `browser` flow is triggered. This flow may allow the user to <> in case -that realm registration is enabled and the user clicks `Register`on the login screen. Also, if <> is enabled for the realm, the user can +that realm registration is enabled and the user clicks `Register` on the login screen. Also, if <> is enabled for the realm, the user can click `Forget password` on the login screen, which triggers the `Reset credentials` flow where users can reset credentials after email address confirmation. Sometimes it can be useful for the client application to directly redirect the user to the *Registration* screen or to the *Reset credentials* flow. The resulting action will match the action of when the diff --git a/docs/documentation/server_admin/topics/authentication/password-policies.adoc b/docs/documentation/server_admin/topics/authentication/password-policies.adoc index 94893818fa..c80030a479 100644 --- a/docs/documentation/server_admin/topics/authentication/password-policies.adoc +++ b/docs/documentation/server_admin/topics/authentication/password-policies.adoc 
@@ -99,6 +99,7 @@ The current implementation uses a BloomFilter for fast and memory efficient cont * By default a false positive probability of `0.01%` is used. * To change the false positive probability by CLI configuration, use `--spi-password-policy-password-blacklist-false-positive-probability=0.00001`. +[[maximum-authentication-age]] ===== Maximum Authentication Age Specifies the maximum age of a user authentication in seconds with which the user can update a password without re-authentication. A value of `0` indicates that the user has to always re-authenticate with their current password before they can update the password. diff --git a/docs/documentation/server_admin/topics/login-settings/forgot-password.adoc b/docs/documentation/server_admin/topics/login-settings/forgot-password.adoc index 5afe569fb1..4f630ec1a6 100644 --- a/docs/documentation/server_admin/topics/login-settings/forgot-password.adoc +++ b/docs/documentation/server_admin/topics/login-settings/forgot-password.adoc @@ -1,4 +1,5 @@ +[[enabling-forgot-password]] == Enabling forgot password If you enable `Forgot password`, users can reset their login credentials if they forget their passwords or lose their OTP generator. diff --git a/docs/documentation/server_admin/topics/users/con-aia.adoc b/docs/documentation/server_admin/topics/users/con-aia.adoc index 90faae7122..a2077b7b2d 100644 --- a/docs/documentation/server_admin/topics/users/con-aia.adoc +++ b/docs/documentation/server_admin/topics/users/con-aia.adoc 
@@ -44,7 +44,7 @@ the client can still request re-authentication when some AIA is requested. Exce * The action `delete_account` will always require the user to actively re-authenticate -* The action `update_password` might require the user to actively re-authenticate according to the configured <>. +* The action `update_password` might require the user to actively re-authenticate according to the configured <>. In case the policy is not configured, it also defaults to five minutes. * If you want to use a shorter re-authentication, you can still use a parameter query parameter such as `max_age` with the specified shorter value or eventually `prompt=login`, which will always require user to
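Review bot: in flows.adoc, the context line directly after the corrected `Register` on the login screen line still reads click `Forget password`, while forgot-password.adoc in this same patch names the feature `Forgot password`. Since the hunk is already fixing the neighbouring label, change it to `Forgot password` so both pages use the same label.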
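Review bot: in password-policies.adoc, the Maximum Authentication Age section that receives the new `[[maximum-authentication-age]]` anchor explains the value `0` but not what applies when the policy is absent, whereas the con-aia.adoc hunk in this patch says it defaults to five minutes. Readers following the new link land in this section, so state the default here as well, in seconds to match the unit the section already uses.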
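Review bot: in con-aia.adoc, the added sentence "In case the policy is not configured, it also defaults to five minutes." leaves "it" and "also" without a clear referent inside the `update_password` list item. Suggest "If the policy is not configured, the maximum authentication age defaults to five minutes", and consider giving the value in seconds as well, since the policy is specified in seconds and a value of `0` has its own meaning there. The following context line also carries a doubled word in "a parameter query parameter" that could be fixed in the same change.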