Skip to content

Normalizing of Keycloak URLs not documented #43763

New issue
New issue
Closed
bug
#43765
Closed
Normalizing of Keycloak URLs not documented#43763
bug
#43765
Assignees
ahus1
Labels
area/dist/quarkuskind/bugCategorizes a PR related to a bugpriority/importantMust be worked on very soonrelease/26.4.4release/26.5.0team/cloud-nativeteam/sre
@ahus1

Description

@ahus1
ahus1
opened on Oct 28, 2025

Before reporting an issue

  • I have read and understood the above terms for submitting issues, and I understand that my issue may be closed without action if I do not follow them.

Area

dist/quarkus

Describe the bug

When processing URLs, Keycloak normalizes URLs based on the Quarkus logic.

This includes collapsing a double slash //, as well as evaluating .. in the path.

While this is a convenience feature also partly an RFC3986 as well, it makes URL filtering for Keycloak unnecessarily hard and difficult to document. Also Quarkus adds another normalization by removing the double slash.

Version

main

Regression

  • The issue is a regression

Expected behavior

Allow simple URL filtering for Keycloak rules.

Actual behavior

Keycloak normalizes URLs, thereby making it hard to filter them.

How to Reproduce?

Use curl --path-as-is ... and use an URL with .. in it.

Anything else?

I'll prepare a PR.

Metadata

Metadata

Assignees

Labels

area/dist/quarkuskind/bugCategorizes a PR related to a bugpriority/importantMust be worked on very soonrelease/26.4.4release/26.5.0team/cloud-nativeteam/sre

Type

bug

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions