-
Bug
-
Resolution: Done
-
Undefined
-
None
-
False
-
-
False
-
-
Before reporting an issue
[X] I have searched existing issues
[X] I have reproduced the issue with the latest release
Area
admin/ui
Describe the bug
First I apologize for not being able to test this on the newest version. The version tested was 20.0.1 and I think this is still applicable to the newest release as well. I am not able to perform an installation easy in my work environment so I don't have the newest version to test against.
During testing, we determined that it was possible to create Realm names that had invalid characters and subsequently couldn't be deleted. The simplest way to reproduce this issue is by doing the following steps:
1.) Create a new realm with the name "%22"
2.) Once created, go into the realm settings
3.) Attempt to delete the Realm using the UI
4.) Observe error response from KeyCloak UI
I believe this is because deletions are done using the DELETE method against the realm name within the URL, which won't accept these invalid characters. The input for the realm name needs to therefore be adjusted to disallow invalid URL characters, or the deletion needs to be modified to allow deletions to be performed using others mechanisms besides the realm name on the URL.
Version
20.0.1
Expected behavior
We would be able to delete the realms created with the incorrect characters
Actual behavior
We are unable to delete the realms with the incorrect characters
How to Reproduce?
1.) Create a new realm with the name "%22"
2.) Once created, go into the realm settings
3.) Attempt to delete the Realm using the UI
4.) Observe error response from KeyCloak UI
Anything else?
No further items.
- links to