  1. Keycloak
  2. KEYCLOAK-4550

It is possible to create malformed Policies

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Done
    • Affects Version/s: 2.5.4.Final
    • Fix Version/s: 3.3.0.Final
    • Labels:
      None
    • Environment:

      Windows 7 Enterprise 64bit
      Keycloak-2.5.4.Final (But also in older versions)

    • Steps to Reproduce:
      Preconditions:
      • Running Keycloak Server (2.5.4.Final) standalone
      • added admin user
      • a client in the realm (e.g. TestClient) configured with Authorization enabled
      • a user (e.g. christian)

      Steps to reproduce:

      In Java Code
      1) Create a valid PolicyRepresentation
      2) In config set for the users an invalid String
      3) send via AdminCli (org.keycloak.admin.client.Keycloak)
      4) Read Response

      Now in the Browser
      5) Open Keycloak Server Admin Console
      6) Navigate to Realm -> Clients -> TestClient -> Authorization -> Policies
      7) The Malformed Policy is displayed
      8) Click the name of the Malformed Policy
      9) Policy Form is opened but you get immediately redirected to Resource not found... page (http://localhost:8080/auth/admin/master/console/#/notfound)

      Observed behavior:

      4.a) Response Status Code is 201 Created
      7.a) The Malformed Policy is displayed

      Expected behavior:

      4.a) The Response Status Code is 400 Bad Request (Or something similar)
      7.a) The Malformed Policy is not displayed (not created)

    • Docs QE Status:
      NEW
    • QE Status:
      ASSIGNED

      Description

      It is possible to create malformed policies.
      The Keycloak response code is 201 Created, and the malformed policy can be seen in the Policies overview.

      Using the Keycloak AdminCli:

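      import java.util.HashMap;
      import java.util.Map;
      import javax.ws.rs.core.Response;
      import org.keycloak.representations.idm.authorization.DecisionStrategy;
      import org.keycloak.representations.idm.authorization.PolicyRepresentation;
      import static org.hamcrest.MatcherAssert.assertThat;
      import static org.hamcrest.Matchers.is;

      // create representation
      PolicyRepresentation userPolicyRepresentation = new PolicyRepresentation();
      userPolicyRepresentation.setName("Policy-Malformed");
      userPolicyRepresentation.setDescription("Description of a malformed user Policy");
      userPolicyRepresentation.setDecisionStrategy(DecisionStrategy.UNANIMOUS);
      userPolicyRepresentation.setType("user");
      Map<String, String> config = new HashMap<>();
      // here we put something invalid ... a user ID would be needed
      config.put("users", "[\"christian\"]");
      userPolicyRepresentation.setConfig(config);

      // create (keycloak is the admin client instance; realm and clientId come from the test setup)
      Response response = keycloak.realm(realm).clients().get(clientId).authorization().policies().create(userPolicyRepresentation);
      // observed: the malformed policy is accepted with 201 Created
      assertThat(response.getStatusInfo(), is(Response.Status.CREATED));
      response.close();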
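
The server-side check that the expected behavior (400 instead of 201) implies, as an added example that is not part of the original report and not Keycloak's own code. The class name, the `knownUserIds` lookup and the sample UUID are assumptions made for illustration; Jackson is used to parse the `users` value.

```java
import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.IOException;
import java.util.*;

// Hypothetical validator (not Keycloak code) for the config of a "user" policy.
public class UserPolicyConfigCheck {
    private static final ObjectMapper MAPPER = new ObjectMapper();

    // Returns the validation errors; an empty list means the policy may be stored.
    static List<String> validate(Map<String, String> config, Set<String> knownUserIds) {
        List<String> errors = new ArrayList<>();
        String raw = config == null ? null : config.get("users");
        String[] ids = null;
        try {
            if (raw != null) ids = MAPPER.readValue(raw, String[].class);
        } catch (IOException e) {
            // Malformed JSON, or JSON that is not an array of strings: ids stays null.
        }
        if (ids == null) {
            errors.add("config.users must be a JSON array of user IDs");
            return errors;
        }
        for (String id : ids) {
            // A username such as "christian" is not an ID and must not be accepted.
            if (id == null || !knownUserIds.contains(id)) {
                errors.add("config.users references unknown user id: " + id);
            }
        }
        return errors;
    }

    // Maps the result to the status the report expects: 400 instead of 201.
    static int statusFor(List<String> errors) {
        return errors.isEmpty() ? 201 : 400;
    }

    public static void main(String[] args) {
        // Constructed sample: the only known user ID (its username would be "christian").
        Set<String> known = Collections.singleton("3f1c2a9e-6b7d-4c58-9a10-2d4e5f6a7b8c");
        Map<String, String> malformed = new HashMap<>();
        malformed.put("users", "[\"christian\"]");
        Map<String, String> valid = new HashMap<>();
        valid.put("users", "[\"3f1c2a9e-6b7d-4c58-9a10-2d4e5f6a7b8c\"]");
        System.out.println(statusFor(validate(malformed, known)) + " " + validate(malformed, known));
        System.out.println(statusFor(validate(valid, known)) + " " + validate(valid, known));
    }
}
```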
      

              People

              • Assignee:
                pcraveiro Pedro Igor
                Reporter:
                kklimpfi Koloman Klimpfinger
                Tester:
                Zuzana Schwarzova