KEYCLOAK-6110 Document usage of Password Blacklist password policy

2018-01-02 14:05:56 +01:00 · 2018-01-02 14:05:56 +01:00 · 63a9a44a3c
commit 63a9a44a3c
parent 3d7a458343
1 changed files with 7 additions and 0 deletions
--- a/server_admin/topics/authentication/password-policies.adoc
+++ b/server_admin/topics/authentication/password-policies.adoc
@ -63,3 +63,10 @@ Expire Password::
 Not Recently Used::
  This policy saves a history of previous passwords. The number of old passwords stored is configurable. When a user changes their password
  they cannot use any stored passwords.
+Password Blacklist::
+  This policy checks if a given password is contained in a blacklist file, which is potentially a very large file.  
+  Password blacklists are UTF-8 plain-text files with Unix line endings where every line represents a blacklisted password.  
+  The file name of the blacklist file must be provided as the password policy value, e.g. `10_million_password_list_top_1000000.txt`.  
+  Blacklist files are resolved against `${jboss.server.data.dir}/password-blacklists/` by default.  
+  This path can be customized via the `keycloak.password.blacklists.path` system property, 
+  or the `blacklistsPath` property of the `passwordBlacklist` policy SPI configuration.