KEYCLOAK-11700 Passwords in the blacklist must be lowercase

This commit is contained in:
Jaap Roes 2020-02-19 10:36:55 +01:00 committed by Stian Thorgersen
parent 351e4c3749
commit ea248b5601

View file

@ -64,8 +64,9 @@ Not Recently Used::
This policy saves a history of previous passwords. The number of old passwords stored is configurable. When a user changes their password This policy saves a history of previous passwords. The number of old passwords stored is configurable. When a user changes their password
they cannot use any stored passwords. they cannot use any stored passwords.
Password Blacklist:: Password Blacklist::
This policy checks if a given password is contained in a blacklist file, which is potentially a very large file. This policy checks if a given password (converted to lowercase) is contained in a blacklist file, which is potentially a very large file).
Password blacklists are UTF-8 plain-text files with Unix line endings where every line represents a blacklisted password. Password blacklists are UTF-8 plain-text files with Unix line endings where every line represents a blacklisted password.
All passwords in the blacklist must be lowercased to facilitate case-insensitive comparison.
The file name of the blacklist file must be provided as the password policy value, e.g. `10_million_password_list_top_1000000.txt`. The file name of the blacklist file must be provided as the password policy value, e.g. `10_million_password_list_top_1000000.txt`.
Blacklist files are resolved against `${jboss.server.data.dir}/password-blacklists/` by default. Blacklist files are resolved against `${jboss.server.data.dir}/password-blacklists/` by default.
This path can be customized via the `keycloak.password.blacklists.path` system property, This path can be customized via the `keycloak.password.blacklists.path` system property,