public class BlacklistPasswordPolicyProviderFactory extends Object implements PasswordPolicyProviderFactory
BlacklistPasswordPolicyProvider instances.
Password blacklists are simple text files where every line is a blacklisted password delimited by \n.
Blacklist files are discovered and registered at startup.
Blacklists can be configured via the Authentication: Password Policy section in the admin-console. A blacklist-file is referred to by its name in the policy configuration.
Users can provide custom blacklists by adding a blacklist password file to the configured blacklist folder.
The location of the password-blacklists folder is derived as follows:
1. keycloak.password.blacklists.path if configured - fails if folder is missing
2. blacklistsPath when explicitly configured - fails if folder is missing
3. ${jboss.server.data.dir}/password-blacklists/ if nothing else is configured - the folder is created automatically if not present
Note that the preferred way for configuration is to copy the password file to the ${jboss.server.data.dir}/password-blacklists/ folder.
To configure a password blacklist via the SPI configuration, run the following jboss-cli script:
/subsystem=keycloak-server/spi=password-policy:add()
/subsystem=keycloak-server/spi=password-policy/provider=passwordBlacklist:add(enabled=true)
/subsystem=keycloak-server/spi=password-policy/provider=passwordBlacklist:write-attribute(name=properties.blacklistsPath, value=/data/keycloak/blacklists/)
A password blacklist with the filename 10_million_password_list_top_1000000-password-blacklist.txt
that is located beneath /data/keycloak/blacklists/ can be referred to
as 10_million_password_list_top_1000000-password-blacklist.txt in the Authentication: Password Policy configuration.
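The folder lookup order and file format described above, as an added Java example; it is not Keycloak's implementation. The class name BlacklistFolderDemo, the sample file name, the temporary directory standing in for ${jboss.server.data.dir}, and the file-name containment check are assumptions of this example.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;

// Added illustration of the documented behaviour; hypothetical class, not Keycloak code.
public class BlacklistFolderDemo {

    /** Documented precedence: system property, then SPI property, then the default folder. */
    static Path resolveFolder(String systemProp, String spiProp, String jbossDataDir) throws IOException {
        for (String explicit : new String[] {systemProp, spiProp}) {
            if (explicit != null && !explicit.isEmpty()) {
                Path p = Paths.get(explicit);
                if (!Files.isDirectory(p)) {   // explicitly configured folders must already exist
                    throw new IllegalStateException("Password blacklists folder is missing: " + p);
                }
                return p;
            }
        }
        // Default location: created automatically if not present.
        return Files.createDirectories(Paths.get(jbossDataDir, "password-blacklists"));
    }

    /** Loads a blacklist by file name, one password per line. */
    static Set<String> load(Path folder, String blacklistName) throws IOException {
        Path file = folder.resolve(blacklistName).normalize();
        // Precaution added by this example: the name must stay inside the blacklist folder.
        if (!file.startsWith(folder.normalize()) || !Files.isRegularFile(file)) {
            throw new IllegalArgumentException("Unknown blacklist: " + blacklistName);
        }
        try (Stream<String> lines = Files.lines(file, StandardCharsets.UTF_8)) {
            return lines.collect(Collectors.toSet());
        }
    }

    public static void main(String[] args) throws IOException {
        Path dataDir = Files.createTempDirectory("jboss-data");   // stand-in for ${jboss.server.data.dir}
        Path folder = resolveFolder(System.getProperty("keycloak.password.blacklists.path"), null, dataDir.toString());
        // Constructed sample blacklist: every line is one blacklisted password, delimited by \n.
        Files.write(folder.resolve("sample-blacklist.txt"), "123456\npassword\nqwerty\n".getBytes(StandardCharsets.UTF_8));
        Set<String> blacklist = load(folder, "sample-blacklist.txt");
        for (String candidate : new String[] {"password", "c0rrect-h0rse-battery"}) {
            System.out.println(candidate + " -> " + (blacklist.contains(candidate) ? "rejected" : "accepted"));
        }
    }
}
```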
| Modifier and Type | Class and Description |
|---|---|
| static class | BlacklistPasswordPolicyProviderFactory.FileBasedPasswordBlacklist: A BlacklistPasswordPolicyProviderFactory.FileBasedPasswordBlacklist uses password-blacklist files to construct a BlacklistPasswordPolicyProviderFactory.PasswordBlacklist. |
| static interface | BlacklistPasswordPolicyProviderFactory.PasswordBlacklist: A BlacklistPasswordPolicyProviderFactory.PasswordBlacklist describes a list of easily guessed or potentially leaked passwords that users should not be able to use. |
| Modifier and Type | Field and Description |
|---|---|
| static String | BLACKLISTS_PATH_PROPERTY |
| static String | ID |
| static String | JBOSS_SERVER_DATA_DIR |
| static String | PASSWORD_BLACKLISTS_FOLDER |
| static String | SYSTEM_PROPERTY |
| Constructor and Description |
|---|
| BlacklistPasswordPolicyProviderFactory() |
| Modifier and Type | Method and Description |
|---|---|
| void | close(): This is called when the server shuts down. |
| PasswordPolicyProvider | create(KeycloakSession session) |
| String | getConfigType() |
| String | getDefaultConfigValue() |
| String | getDisplayName() |
| String | getId() |
| void | init(Config.Scope config): Only called once when the factory is first created. |
| boolean | isMultiplSupported() |
| void | postInit(KeycloakSessionFactory factory): Called after all provider factories have been initialized. |
| BlacklistPasswordPolicyProviderFactory.PasswordBlacklist | resolvePasswordBlacklist(String blacklistName): Resolves and potentially registers a BlacklistPasswordPolicyProviderFactory.PasswordBlacklist for the given blacklistName. |
Methods inherited from class Object: clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface ProviderFactory: order

public static final String ID
public static final String SYSTEM_PROPERTY
public static final String BLACKLISTS_PATH_PROPERTY
public static final String JBOSS_SERVER_DATA_DIR
public static final String PASSWORD_BLACKLISTS_FOLDER

public BlacklistPasswordPolicyProviderFactory()

public PasswordPolicyProvider create(KeycloakSession session)
Specified by: create in interface ProviderFactory<PasswordPolicyProvider>

public void init(Config.Scope config)
Specified by: init in interface ProviderFactory<PasswordPolicyProvider>

public void postInit(KeycloakSessionFactory factory)
Specified by: postInit in interface ProviderFactory<PasswordPolicyProvider>

public void close()
Specified by: close in interface ProviderFactory<PasswordPolicyProvider>

public String getDisplayName()
Specified by: getDisplayName in interface PasswordPolicyProviderFactory

public String getConfigType()
Specified by: getConfigType in interface PasswordPolicyProviderFactory

public String getDefaultConfigValue()
Specified by: getDefaultConfigValue in interface PasswordPolicyProviderFactory

public boolean isMultiplSupported()
Specified by: isMultiplSupported in interface PasswordPolicyProviderFactory

public String getId()
Specified by: getId in interface ProviderFactory<PasswordPolicyProvider>

public BlacklistPasswordPolicyProviderFactory.PasswordBlacklist resolvePasswordBlacklist(String blacklistName)
Resolves and potentially registers a BlacklistPasswordPolicyProviderFactory.PasswordBlacklist for the given blacklistName.
Parameters: blacklistName -

Copyright © 2021 JBoss by Red Hat. All rights reserved.