Admin console sends non-JSON payload with content-type: application/json #43812

@jbman

Description

Before reporting an issue

  • I have read and understood the above terms for submitting issues, and I understand that my issue may be closed without action if I do not follow them.

Area

admin/ui

Describe the bug

When a member is added to an organization the following request is sent:

POST /admin/realms/myrealm/organizations/75247cdc-9f01-4939-aa71-b46a774e50ce/members
Content-Type: application/json

1ddd1774-bd9c-4771-a7c0-b490baad7529

This is rejected if Keycloak runs behind a web application firewall, as the payload is not JSON.

Version

26.0

Regression

  • The issue is a regression

Expected behavior

The admin console should send the payload as a quoted value: "1ddd1774-bd9c-4771-a7c0-b490baad7529"
This is allowed as valid JSON.

Actual behavior

Keycloak accepts the unquoted value even though "Content-Type" must be set to "application/json".

How to Reproduce?

Add a member to an organization. Observe the API request by Admin console.

Anything else?

An alternative solution: Improve the API and expect a JSON object:

{
    "userId": "1ddd1774-bd9c-4771-a7c0-b490baad7529"
}
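The following is an added example, not code from the report or from Keycloak's source. It is written in JavaScript because that is what the admin console runs in. It implements a minimal JSON-aware body check of the kind a web application firewall applies when a request declares application/json, and runs it against the three payload shapes discussed above: the bare id the console sends today, the id serialised as a JSON string, and the JSON object proposed as an alternative. The function names (inspectJsonBody, currentPayload, quotedPayload, objectPayload, demo) are hypothetical; the user id is the one quoted in the report.

```javascript
// Added example (not Keycloak's code). Demonstrates why a bare UUID sent with
// Content-Type: application/json is rejected by a JSON-aware WAF, and that both
// fixes proposed in the report produce bodies that parse as JSON.

// Mimics the relevant part of a WAF rule: if the request declares
// application/json, the body must parse as JSON. RFC 8259 allows any JSON
// value at the top level, so a quoted string is acceptable, a bare UUID is not.
function inspectJsonBody(headers, body) {
  // Strip parameters such as "; charset=utf-8" before comparing the media type.
  const mediaType = (headers['content-type'] || '').split(';')[0].trim().toLowerCase();
  if (mediaType !== 'application/json') {
    return { allowed: true, reason: 'not a JSON request, body not inspected' };
  }
  try {
    const value = JSON.parse(body);
    const kind = Array.isArray(value) ? 'array' : value === null ? 'null' : typeof value;
    return { allowed: true, reason: `valid JSON (${kind})` };
  } catch (e) {
    return { allowed: false, reason: `body is not JSON: ${e.message}` };
  }
}

// What the admin console currently sends: the raw user id, no quoting.
function currentPayload(userId) {
  return userId;
}

// Expected behaviour from the report: the id serialised as a JSON string.
function quotedPayload(userId) {
  return JSON.stringify(userId);
}

// Alternative from the report: a JSON object carrying the id.
function objectPayload(userId) {
  return JSON.stringify({ userId });
}

const headers = { 'content-type': 'application/json' };
const userId = '1ddd1774-bd9c-4771-a7c0-b490baad7529'; // id quoted in the report

// Runs the check over all three payload shapes and returns the verdicts.
function demo() {
  return {
    current: inspectJsonBody(headers, currentPayload(userId)),
    quoted: inspectJsonBody(headers, quotedPayload(userId)),
    object: inspectJsonBody(headers, objectPayload(userId)),
  };
}

for (const [name, result] of Object.entries(demo())) {
  console.log(`${name.padEnd(8)} ${result.allowed ? 'pass ' : 'BLOCK'} ${result.reason}`);
}
```

Only the "current" payload is blocked; the quoted string and the object both pass, which is the behaviour the report expects. Note that the check splits off media-type parameters before comparing, so a header such as "application/json; charset=utf-8" is still inspected.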
