Hi,
we’re using a custom User Federation (implementing the User Storage SPI). User registrations are possible and configured Password Policies are enforced (e. g. “Minimum Length = 8”) when the registration form is validated (we are using a custom registration flow too).
But when a logged-in user wants to update their password via the “account” client (/auth/realms/{realm}/account/password) the configured Password Policies for this realm are not enforced.
Is there some setting that I am missing?