Keycloak password blacklist doesn't work with special symbols
I have a text file containing blacklisted passwords, and in Keycloak I set the file name under Authentication -> Password Policy -> Password Blacklist. If there are simple passwords like
password
admin
user
it works well - when I try to change the password I see this message: Error! Invalid password: password is blacklisted.
But when I add a more complex password to this list, such as Music.1%
it doesn't work - I can change the password to this.
Why is that, and is there a way to blacklist similar passwords from the file?
From the Keycloak documentation one can read the following:
Password Blacklist
This policy checks if a given password (converted to lowercase) is
contained in a blacklist file, which is potentially a very large file.
Password blacklists are UTF-8 plain-text files with Unix line endings
where every line represents a blacklisted password. All passwords in
the blacklist must be lowercased to facilitate case-insensitive
comparison. The file name of the blacklist file must be provided as
the password policy value, e.g.
10_million_password_list_top_1000000.txt. Blacklist files are resolved
against ${jboss.server.data.dir}/password-blacklists/ by default. This
path can be customized via the keycloak.password.blacklists.path
system property, or the blacklistsPath property of the
passwordBlacklist policy SPI configuration.
The reason the passwords "password", "admin" and "user" work and "Music.1%" doesn't is that the first three are lowercase and the last one is not. It's not the special symbols.
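The following script is an added example, not part of the question or answer above and not Keycloak's own code. It models the documented policy (the candidate password is lowercased, then looked up in a one-entry-per-line UTF-8 file) to show why a mixed-case entry like "Music.1%" is never matched, and it includes a normalizer that lowercases and deduplicates a blacklist file before it is dropped into the password-blacklists directory. The file names and the blacklist contents are constructed for the demo.

```python
"""Added example: model of the Keycloak password-blacklist lookup (candidate is
lowercased, file entries are used as written) plus a normalizer for the file.
Not Keycloak's code; file names and sample entries are constructed for the demo."""
import tempfile
from pathlib import Path


def load_blacklist(path: Path) -> set[str]:
    """Read a UTF-8 blacklist as written, one password per line, Unix line endings.
    Entries are NOT lowercased here, mirroring the doc's requirement that the
    file already be lowercase; a CRLF file would also leave a stray '\\r' in each entry."""
    with path.open("r", encoding="utf-8", newline="\n") as f:
        return {line.rstrip("\n") for line in f if line.strip()}


def is_blacklisted(password: str, blacklist: set[str]) -> bool:
    """The documented check: the candidate is lowercased before the lookup,
    so an entry that is not itself lowercase can never be hit."""
    return password.lower() in blacklist


def normalize_blacklist(src: Path, dst: Path) -> int:
    """Rewrite a blacklist with every entry lowercased, deduplicated and with
    Unix line endings. Returns the number of entries written. Run this over any
    list (including mixed-case leaked-password dumps) before handing it to Keycloak."""
    entries = set()
    with src.open("r", encoding="utf-8") as f:
        for line in f:
            entry = line.rstrip("\r\n").lower()
            if entry:
                entries.add(entry)
    with dst.open("w", encoding="utf-8", newline="\n") as f:
        for entry in sorted(entries):
            f.write(entry + "\n")
    return len(entries)


def demo() -> dict:
    """Constructed blacklist with the entries from the question; returns the
    lookup results before and after normalizing the file."""
    tmp = Path(tempfile.mkdtemp())
    raw = tmp / "blacklist.txt"  # constructed sample file
    raw.write_text("password\nadmin\nuser\nMusic.1%\n", encoding="utf-8")

    before = load_blacklist(raw)
    fixed = tmp / "blacklist-lower.txt"  # constructed output name
    normalize_blacklist(raw, fixed)
    after = load_blacklist(fixed)

    return {
        # lowercase entry matches regardless of how the user types it
        "admin_before": is_blacklisted("Admin", before),
        # mixed-case entry never matches: "Music.1%" -> "music.1%" is not in the file
        "music_before": is_blacklisted("Music.1%", before),
        # after lowercasing the file, every casing of the password is rejected
        "music_after": is_blacklisted("Music.1%", after),
        "music_upper_after": is_blacklisted("MUSIC.1%", after),
    }


if __name__ == "__main__":
    print(demo())
```

The normalizer is the practical fix: keep the human-readable list wherever you like, but only ever deploy the lowercased output, and re-run it whenever the source list changes.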