Generated values for tab_id and session_code are blocked by AWS WAF

Hello Community!

When logging in via user/password or via OIDC, there are two query params in the request chain: tab_id and session_code.
Sometimes, these two query params may contain multiple dashes (-). When there are more than 2 dashes in a row, AWS WAF identifies the request as SQL injection. The double-dash sequence (--) is a comment indicator in SQL.

e.g. /auth/realms//login-actions/authenticate?session_code=<session_code>&execution=&client_id=<client_id>&tab_id=1- -sAGs187

Is there any configuration related to these query params in Keycloak?

Thank you.

1 Like
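A triage sketch for the situation described in the post, added here as an example and not part of the original thread or of Keycloak: it scans AWS WAF JSON log records for blocked `login-actions` requests whose `tab_id` or `session_code` contains a run of dashes, and separates token-like values from values that need review. The log records are constructed, the realm, client and rule names are placeholders, and the token character set is an assumption.

```python
import json
import re
from urllib.parse import parse_qs

WATCHED = ("tab_id", "session_code")        # query params named in the post
DASH_RUN = re.compile(r"-{2,}")             # two or more dashes in a row
TOKEN = re.compile(r"[A-Za-z0-9_.-]+")      # assumption: URL-safe token charset

# Constructed records (not real traffic); realm, client and rule names are placeholders.
SAMPLE_LOG = "\n".join(json.dumps(r) for r in [
    {"action": "BLOCK", "terminatingRuleId": "sqli-rule-placeholder",
     "httpRequest": {"uri": "/auth/realms/demo/login-actions/authenticate",
                     "args": "session_code=aB3--x_Yz&client_id=app&tab_id=Zx--Q9k"}},
    {"action": "BLOCK", "terminatingRuleId": "sqli-rule-placeholder",
     "httpRequest": {"uri": "/auth/realms/demo/login-actions/authenticate",
                     "args": "session_code=aB3x_Yz&client_id=app&tab_id=x%27--"}},
    {"action": "ALLOW", "terminatingRuleId": "Default_Action",
     "httpRequest": {"uri": "/auth/realms/demo/login-actions/authenticate",
                     "args": "session_code=Qw-7&client_id=app&tab_id=k-9"}},
    {"action": "BLOCK", "terminatingRuleId": "sqli-rule-placeholder",
     "httpRequest": {"uri": "/api/search", "args": "q=a--b"}},
])


def dash_hits(args):
    """Return {param: value} for watched params whose value has a dash run."""
    query = parse_qs(args, keep_blank_values=True)
    return {k: v for k in WATCHED for v in query.get(k, []) if DASH_RUN.search(v)}


def triage(log_text):
    """List blocked Keycloak login-action requests that carry a dash run."""
    findings = []
    for line in filter(str.strip, log_text.splitlines()):
        rec = json.loads(line)
        req = rec.get("httpRequest", {})
        if rec.get("action") != "BLOCK" or "/login-actions/" not in req.get("uri", ""):
            continue
        hits = dash_hits(req.get("args", ""))
        if hits:
            # Token-like values point to a false positive; anything else needs review.
            benign = all(TOKEN.fullmatch(v) for v in hits.values())
            findings.append({"rule": rec.get("terminatingRuleId"),
                             "params": hits, "token_like": benign})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Counting the `token_like` findings per rule shows how often generated values alone trigger the block, which is the evidence needed before narrowing the rule's scope for those two parameters.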