I create a realm with the following name: with%20escaped%2Fchars
I’m blocked… I cannot manipulate this. I can’t open it, I can’t delete it.
(I’ve tried using %25 to encode the percent, but that didn’t work)
Your turn now.
(and it’s a bug, because input should be sanitized. It is, but only very partially, as some basic tests show. This points to a more fundamental problem, to the best of my knowledge there is no formal specification of what is accepted as a realm name)
I guess it would work. But I follow a general principle, never edit the DB for a tool that I haven’t developed myself. There can be hidden dependencies, verification of update time, reference lists, any number of traps.
At this point it’s not critical to me because I just redeployed my Keycloak from scratch, it’s a sandbox instance with all realms backed up. But it seems like a Keycloak bug to me.
You should create an issue for this, then it can be clarified by the team.
Please note, that the Keycloak issues have moved from Red Hat Jira to GitHub issues at the GitHub Keycloak repository!
