KEYCLOAK-11700 Passwords in the blacklist must be lowercase

2020-02-19 10:36:55 +01:00 · 2020-02-19 10:36:55 +01:00 · ea248b5601
commit ea248b5601
parent 351e4c3749
1 changed files with 3 additions and 2 deletions
--- a/server_admin/topics/authentication/password-policies.adoc
+++ b/server_admin/topics/authentication/password-policies.adoc
@ -64,8 +64,9 @@ Not Recently Used::
  This policy saves a history of previous passwords. The number of old passwords stored is configurable. When a user changes their password
  they cannot use any stored passwords.
 Password Blacklist::
-  This policy checks if a given password is contained in a blacklist file, which is potentially a very large file.  
-  Password blacklists are UTF-8 plain-text files with Unix line endings where every line represents a blacklisted password.  
+  This policy checks if a given password (converted to lowercase) is contained in a blacklist file, which is potentially a very large file).
+  Password blacklists are UTF-8 plain-text files with Unix line endings where every line represents a blacklisted password.
+  All passwords in the blacklist must be lowercased to facilitate case-insensitive comparison.
  The file name of the blacklist file must be provided as the password policy value, e.g. `10_million_password_list_top_1000000.txt`.  
  Blacklist files are resolved against `${jboss.server.data.dir}/password-blacklists/` by default.  
  This path can be customized via the `keycloak.password.blacklists.path` system property,