New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Username lookup fails with hash (#) symbols (using the User Storage SPI) #17900
Comments
@barthelch why is the username in the url? That doesn't happen on my instance |
the hash is a an anchor that we use for routing to the right view |
Note that this in the old UI, which we no longer provide bugfixes and new features unless absolutely critical. I this behavior also reproducible in the new theme? |
@jonkoops Thanks for your reply. When I am trying to use the new UI (keycloak v2 Theme), I get this error message:
The error message appears when I am searching for the user |
@edewit Thanks for your reply. I don't know why this happens (this is the reason why I created this issue). Since you are saying that it works on your instance:
|
ahh sorry didn't see that you included the code. So I tried it with your code and it is what I initially thought, the user id contains a hash You do this on line 125 of your code |
Ok, I was uncertain whether it is possible to change the username at this point and what else is affected when doing so. Thanks @edewit, that seems to solve my issue. |
I doubt that encoding in provider is proper fix for this issue. The problem was probably introduced by f32d3f5 (Upgrade to React Router v6). I hope the issue was fixed properly by #23667 in scope of #22600. |
Before reporting an issue
Area
storage
Describe the bug
Environment: Keycloak v20.0.1 [0], Debian 11, openjdk 17.0.4
Settings: `keycloak' Theme (the old theme and not the keycloak v2 one)
Problem description: We are currently working on a Custom User Storage Provider (following this description [1]). During development, we noticed an unexpected behavior concerning some usernames.
The username consists of two parts separated by an
#
symbol. Example:first12#second34
.Version
20.0.1
Expected behavior
I would expect a successful (admin-) lookup for usernames with
#
symbols (example:first12#second34
).Actual behavior
It is possible to successfully log in with usernames containing a
#
symbol but the username is not found within the admin lookup interface.(found at Keycloak > Users > Search for `first12#second34' > click on the ID column).
See the keycloak2.png image with the
Resource not found
error page below.How to Reproduce?
~/providers
directory within the keycloak installationbin/kc.sh build && bin/kc.sh start-dev
first12#second34
(image keycloak1.png)
Resource not found
page with the. URL: http://127.0.0.1:8080/admin/master/console/#/notfound#second34(image keycloak2.png)
The logging output of the attached user SPI:
Anything else?
Questions:
getUserByUsername()
method only receives the first part of thecompound username (
first12
). Therefore, the lookup fails because no such user exists.Why is keycloak not sending the entire username to the
getUserByUsername()
method?Do I have to ``escape'' it somehow at some point in time?
(When and where?)
first12#second34
user, I get this error message:I am not sure where I can find further information about the
to.hash
field?Is it something I can control within my Java extension?
Attachments: I have attached a minimal example (a Custom User Storage provider with a single username
first12#second34
, see DBUserStorageProvider.java and DBUserStorageProviderFactory.java) and two images showing the lookup list and the error message.User Lookup Overview: (keycloak1.png)
Error message when clicking on the ID URL: (keycloak2.png)
DBUserStorageProvider.java.txt
DBUserStorageProviderFactory.java.txt
[0] https://github.com/keycloak/keycloak/releases/download/20.0.1/keycloak-20.0.1.tar.gz
[1] https://www.keycloak.org/docs/latest/server_development/index.html#_user-storage-spi
The text was updated successfully, but these errors were encountered: