Input Validation for browserSecurityHeaders in RHSSO/RHBK
Environment
- Red Hat Build of Keycloak
  - 24.x
  - 22.x
- Red Hat Single Sign On
  - 7.6
Issue
- RHSSO/RHBK does not perform any input validation for browserSecurityHeaders. As a result, XSSProtection field values containing '\r' cause the application to fail and return a 504 gateway time-out error.
- Does RHBK/RHSSO provide input validation for browserSecurityHeaders?
Resolution
- In the current RHBK version, the only validation feature available is user attribute validation, which is described in the documentation.
- Validation of realm-level settings such as browserSecurityHeaders is not available, so an RFE has been created.
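Because the server does not validate these values, a realm export or update payload can be checked before it is applied. The following is an added example, not Red Hat or Keycloak code: it assumes the realm JSON carries a `browserSecurityHeaders` map with keys such as `xXSSProtection`, and the sample realm fragment is constructed for illustration.

```python
import json
import re

# Allow only HTAB, SP and visible ASCII in a header value. RFC 9110 also
# tolerates obs-text bytes (0x80-0xFF); this check is deliberately stricter.
# CR, LF, NUL and every other control character are rejected.
_FORBIDDEN = re.compile(r"[^\t\x20-\x7e]")


def validate_browser_security_headers(realm: dict) -> list[str]:
    """Return one finding per character that is unsafe in an HTTP header value."""
    findings = []
    headers = realm.get("browserSecurityHeaders") or {}
    for name, value in headers.items():
        if not isinstance(value, str):
            findings.append(
                f"{name}: value must be a string, got {type(value).__name__}"
            )
            continue
        for match in _FORBIDDEN.finditer(value):
            findings.append(
                f"{name}: forbidden character {match.group()!r} "
                f"at offset {match.start()}"
            )
    return findings


# Constructed sample realm fragment (not taken from the article). The JSON
# escape \r in xXSSProtection decodes to a carriage return, as in the issue.
SAMPLE_REALM = json.loads(r'''
{
  "realm": "example",
  "browserSecurityHeaders": {
    "xXSSProtection": "1; mode=block\r",
    "xFrameOptions": "SAMEORIGIN",
    "xContentTypeOptions": "nosniff"
  }
}
''')

if __name__ == "__main__":
    problems = validate_browser_security_headers(SAMPLE_REALM)
    for problem in problems:
        print("REJECT", problem)
    # Non-zero exit lets a deployment pipeline stop before the realm is updated.
    raise SystemExit(1 if problems else 0)
```

Run as a pre-deployment gate, the script exits non-zero when any header value would be rejected, so the realm update is never sent.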
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.