RH-SSO operator: password policy blacklist deleted upon pod restart

1 - Issue description

When setting up the password policy blacklist on a RH-SSO pod, it gets deleted  upon a Pod restart.

2 - Password policy blacklist configuration
Configure the Authentication realm password policy with password blacklist file from the admin console.
For example, you can enter a file name test-password-blacklist.txt.

3. You also need to copy this file (test-password-blacklist.txt) to the pod at at location 
/opt/eap/standalone/data/password-blacklists
 

===> After having reached this step, you can RH-SSO password policy with operator.

 

4.  password policy blacklist lost upon pod restart

 

If the pod is is restarted, the file available before at location /opt/eap/standalone/data/password-blacklists/test-password-blacklist.txt is lost.

 

5. CR required for password policy blacklist

It is required to have a specific CRD for password policy blacklist.

This CRD  password policy blacklist should allow the backlist to be preserved across restarts, and also when deployed on multiple pods.

 

6. Documentation Pointers

Password blacklist is documented at:

https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.6/html/server_administration_guide/configuring-authentication_server_administration_guide#password_blacklist