We use OpenAM to manage users that have access to multiple applications. Access to all is controlled using SSO through OpenAM. Some of the applications need to have specific (minimum) password policies. When a user has access to more than one application for which there is a defined unique policy then the applied policy for the user password should be the most stringent.
How do we enforce this? In effect can we define a priority order for password policies?
Cheers Daryl