[keycloak-dev] Blacklist Password Policy
thomas.darimont at googlemail.com
Fri Jul 28 14:52:33 EDT 2017
just realized that I cannot store large strings as the value for the
password policy since
all password policy configurations are stored as a concatenated string in
the password_policy column of the realm table, which has a maximum capacity of
2550 characters :-/
Values look like:
"hashIterations and passwordHistory and passwordBlacklist(bubu;foo;bar;baz)"
One could change the column type to "text", which is "not limited", but I
think it would be
better to use something else for storing such values - the component_config
2017-07-28 17:48 GMT+02:00 Thomas Darimont <thomas.darimont at googlemail.com>:
> I built a configurable Password Policy that allows matching a given
> password against
> a blacklist of easy-to-guess passwords that should not be allowed as
> user passwords.
> The 'BlacklistPasswordPolicyProvider' can be configured via the admin UI
> with a ";" delimited list of easy to guess passwords.
> If the user or admin wants to change the password, it is checked against
> the blacklist.
> A password list can be found here:
> A blacklist is of course not a perfect solution but could still be useful
> for some users.
> The password blacklist would be compiled to a trie at startup (and on changes
> to the blacklist)
> for efficient lookups.
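To make the design in this thread concrete, here is an added, self-contained sketch (not Keycloak's code and not Thomas's provider) that parses the concatenated realm policy string quoted above, compiles the ";"-delimited passwordBlacklist(...) argument into a trie, checks candidate passwords against it, and shows why a realistic list overflows the 2550-character password_policy column. The policy grammar is assumed from the single sample value in the thread, matching is assumed to be case-insensitive, and all class and method names (BlacklistPolicyDemo, parsePolicy, compileBlacklist, validate, fitsPolicyColumn) are hypothetical.

```java
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/**
 * Added example, not Keycloak or the poster's code: trie-backed blacklist
 * check for the policy string format quoted in the thread.
 */
public class BlacklistPolicyDemo {

    /** Column capacity for realm.password_policy as stated in the thread. */
    static final int PASSWORD_POLICY_COLUMN_LIMIT = 2550;

    /** Character trie; a node is terminal when a blacklisted word ends there. */
    static final class Trie {
        private final Map<Character, Trie> children = new HashMap<>();
        private boolean terminal;

        void add(String word) {
            Trie node = this;
            for (char c : word.toCharArray()) {
                node = node.children.computeIfAbsent(c, k -> new Trie());
            }
            node.terminal = true;
        }

        /** Exact-match lookup in O(length of word), independent of list size. */
        boolean contains(String word) {
            Trie node = this;
            for (char c : word.toCharArray()) {
                node = node.children.get(c);
                if (node == null) {
                    return false;
                }
            }
            return node.terminal;
        }
    }

    /**
     * Splits "hashIterations and passwordBlacklist(a;b)" into name -> argument
     * (null when the policy has no argument). Grammar is assumed from the sample
     * value in the thread; entries containing " and " or ")" are not supported.
     */
    static Map<String, String> parsePolicy(String policy) {
        Map<String, String> result = new LinkedHashMap<>();
        Pattern entry = Pattern.compile("(\\w+)(?:\\(([^)]*)\\))?");
        for (String part : policy.split(" and ")) {
            Matcher m = entry.matcher(part.trim());
            if (!m.matches()) {
                throw new IllegalArgumentException("unparseable policy entry: " + part);
            }
            result.put(m.group(1), m.group(2));
        }
        return result;
    }

    /** Compiles the ";"-delimited argument into a trie (case-insensitive by assumption). */
    static Trie compileBlacklist(String argument) {
        Trie trie = new Trie();
        if (argument != null) {
            for (String word : argument.split(";")) {
                String w = word.trim();
                if (!w.isEmpty()) {
                    trie.add(w.toLowerCase());
                }
            }
        }
        return trie;
    }

    /** Returns null when the password passes, otherwise an error description. */
    static String validate(Trie blacklist, String password) {
        return blacklist.contains(password.toLowerCase()) ? "password is blacklisted" : null;
    }

    /** True when the serialized policy fits the column quoted in the thread. */
    static boolean fitsPolicyColumn(String policy) {
        return policy.length() <= PASSWORD_POLICY_COLUMN_LIMIT;
    }

    public static void main(String[] args) {
        // Sample policy value taken from the thread.
        String policy = "hashIterations and passwordHistory and passwordBlacklist(bubu;foo;bar;baz)";
        Trie blacklist = compileBlacklist(parsePolicy(policy).get("passwordBlacklist"));

        for (String candidate : new String[] {"foo", "BAR", "foobar", "correcthorse"}) {
            String error = validate(blacklist, candidate);
            System.out.println(candidate + " -> " + (error == null ? "ok" : error));
        }

        // Constructed list of 500 entries: already far beyond the column capacity.
        StringBuilder big = new StringBuilder("passwordBlacklist(");
        for (int i = 0; i < 500; i++) {
            big.append("password").append(i).append(';');
        }
        big.append(')');
        System.out.println("500-entry policy fits column: " + fitsPolicyColumn(big.toString()));
    }
}
```

Compile and run with `javac BlacklistPolicyDemo.java && java BlacklistPolicyDemo`. The trie gives a lookup cost proportional to the candidate's length rather than the list size, which is the point of compiling the list at startup; the 500-entry check shows that even a modest list is several times larger than the 2550-character column, which is why the thread looks at storing the list elsewhere.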