Description
There are quite a few bugs that have been opened due to a lack of proper validation in admin endpoints, and we should prioritise adding better validation. This could be done either at the representation level or at the model level.
Doing it at the representation level means we can validate values before updating the model, but on the other hand doing it at the model level would catch any direct updates that are not going through representations.
In either case an annotation-based approach, like Hibernate Validator, may be preferable.
Adding validation may result in breaking existing deployments; this would be in favour of adding validation at the representation level, and make it possible to disable validation (at least for a while).
This will also likely require some changes to the Admin UI; for example, it currently sends empty strings for some values, but this should not be permitted by validation on the server side.
We will probably not be able to cover validation of everything initially, but we should have a framework that can easily be extended on.
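As an added illustration of the representation-level, annotation-based approach (not Keycloak code; the `RealmRep` class, its field names, the realm-name pattern and the `validate` toggle are all hypothetical), this sketch uses the Jakarta Bean Validation API as implemented by Hibernate Validator 7+ (`jakarta.validation` namespace) to reject the kinds of input behind the issues listed below: blank strings from the Admin UI, URL-unsafe realm names and negative token settings. The boolean flag shows how validation could be switched off for existing deployments.

```java
import java.util.Set;
import jakarta.validation.ConstraintViolation;
import jakarta.validation.Validation;
import jakarta.validation.Validator;
import jakarta.validation.constraints.Min;
import jakarta.validation.constraints.NotBlank;
import jakarta.validation.constraints.Pattern;

// Hypothetical REST representation (NOT Keycloak's RealmRepresentation).
// Constraints sit on the representation, so bad input is rejected before
// the model is updated.
public class RealmValidationExample {

    public static class RealmRep {
        // Reject empty/blank strings (what the Admin UI may send) and
        // characters that would later break console URIs or realm deletion.
        // The allowed character set here is an assumption for this example.
        @NotBlank(message = "realm name must not be blank")
        @Pattern(regexp = "^[A-Za-z0-9._-]+$",
                 message = "realm name contains characters not allowed in URLs")
        public String realm;

        // A null value is left to the model default; a negative one is rejected.
        @Min(value = 0, message = "accessTokenLifespan must not be negative")
        public Integer accessTokenLifespan;

        @Min(value = 0, message = "refreshTokenMaxReuse must not be negative")
        public Integer refreshTokenMaxReuse;
    }

    // validationEnabled models the "disable validation for a while" switch.
    public static Set<ConstraintViolation<RealmRep>> validate(RealmRep rep, boolean validationEnabled) {
        if (!validationEnabled) {
            return Set.of();
        }
        Validator validator = Validation.buildDefaultValidatorFactory().getValidator();
        return validator.validate(rep);
    }

    public static void main(String[] args) {
        RealmRep rep = new RealmRep();      // constructed sample input
        rep.realm = "my realm";             // space would break console URIs
        rep.accessTokenLifespan = -1;       // negative lifespan
        rep.refreshTokenMaxReuse = 3;       // valid
        for (ConstraintViolation<RealmRep> v : validate(rep, true)) {
            System.out.println(v.getPropertyPath() + ": " + v.getMessage());
        }
    }
}
```

Running this reports two violations (on `realm` and `accessTokenLifespan`) and none for `refreshTokenMaxReuse`; with `validationEnabled` set to `false` the same input passes untouched, which is the compatibility trade-off described above.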
Collection of related issues
- Keycloak UI meets "Internal Sever Error" after save "Refresh Token Max Reuse" number #26597
- Unable to modify access token lifespan at realm level. Keycloak stops working. #26665
- Improper Input Validation and Sanitization Leads to persistent partial Denial of Service #26109
- Realm improper input sanitization #26108
- Entering a single space in a regex password policy makes admin interface unusable. #20411
- Acceptable value range is inconsistent between API and Admin Console because of lack of validation in REST API endpoint #8840
- Space in realm name breaks initial console uris #25807
- Unable to delete realm names with invalid URL characters #16345
- Editing realms with special characters in realm ID triggers validation error #26966
Discussion
N/A
Issues
No response
Motivation
No response