camunda-community-hub / camunda-platform-7-keycloak

Camunda Keycloak Identity Provider Plugin
Apache License 2.0

Problem with character "%" in client secret #158

Closed djuarezgf closed 9 months ago

djuarezgf commented 9 months ago

When my client secret contains the character "%", Keycloak gives the following error:

2023-11-28 10:27:08,226 ERROR [org.keycloak.services.error.KeycloakErrorHandler] (executor-thread-1101) Uncaught server error: java.lang.IllegalArgumentException: URLDecoder: Illegal hex characters in escape (%) pattern - Error at index 1 in: "e)"
        at java.base/java.net.URLDecoder.decode(URLDecoder.java:237)
        at java.base/java.net.URLDecoder.decode(URLDecoder.java:147)
        at org.jboss.resteasy.util.Encode.decode(Encode.java:484)

I have other services that use that client and have no problem. However, the error happens when I use the library camunda-platform-7-keycloak.

I am afraid that other special characters are also affected.
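The following is an added example, not code from this thread, from the plugin or from Keycloak. It reproduces the `URLDecoder` failure in the log above under the assumption that a secret containing "%" is placed into an `application/x-www-form-urlencoded` body without percent-encoding; the thread does not establish where that happens. The class name, `demo-client` and the sample secret are constructed for illustration.

```java
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;

public class FormSecretEncoding {

    // Build a form body for a client-credentials token request.
    // With encode=false the values are concatenated as-is (the faulty variant).
    static String formBody(String clientId, String clientSecret, boolean encode) {
        String id = encode ? URLEncoder.encode(clientId, StandardCharsets.UTF_8) : clientId;
        String secret = encode ? URLEncoder.encode(clientSecret, StandardCharsets.UTF_8) : clientSecret;
        return "grant_type=client_credentials&client_id=" + id + "&client_secret=" + secret;
    }

    // Parse the body the way a form-decoding server does: split on '&' and '=',
    // then percent-decode the value. Returns the decoded client_secret.
    static String parseSecret(String body) {
        for (String pair : body.split("&")) {
            int eq = pair.indexOf('=');
            if (eq > 0 && pair.substring(0, eq).equals("client_secret")) {
                return URLDecoder.decode(pair.substring(eq + 1), StandardCharsets.UTF_8);
            }
        }
        throw new IllegalArgumentException("client_secret missing");
    }

    public static void main(String[] args) {
        // Constructed sample secret, not a real credential. It contains "%e)",
        // the fragment named in the log, plus other form metacharacters.
        String secret = "s3cr%e)t+a&b=c";
        for (boolean encode : new boolean[] {false, true}) {
            String body = formBody("demo-client", secret, encode);
            try {
                boolean same = parseSecret(body).equals(secret);
                System.out.println("encode=" + encode + " -> secret round-trips: " + same);
            } catch (IllegalArgumentException e) {
                // The exception text echoes part of the value, as the log line above does.
                System.out.println("encode=" + encode + " -> rejected: " + e.getMessage());
            }
        }
    }
}
```

Without encoding, "&", "=" and "+" in a secret also change how the body is parsed, so a secret can be truncated or altered even when no exception is thrown.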

VonDerBeck commented 9 months ago

Hi @djuarezgf,

this is not reproducible. And there are of course tests checking login with special characters. Furthermore, your log snippet mentions org.keycloak.services.error.KeycloakErrorHandler which has nothing to do with anything of this extension.

Would you mind telling us a little more about your environment including used dependencies / plugins / ...?

djuarezgf commented 9 months ago

Hi @VonDerBeck,

thank you very much for answering. That's the error that I get in Keycloak, not in Camunda. Our code is Open Source: https://github.com/samply/mtba

VonDerBeck commented 9 months ago

Hi @djuarezgf,

sorry, but sending me just a link to some foreign project without any further explanation and thinking that from that I'm going to fiddle out what your problem is - that's a bit presumptuous. Please be aware that this is Open Source and a community project.

Having a quick look at your project it seems like you are using SSO / Spring Security OAuth2?

I would urge you to work through the complete SSO example setup and fully work on the necessary steps in order to get SSO up and running. Or throw away SSO and Spring Security OAuth2 and keep using Camunda Login Forms. Do not try to mix things up.

VonDerBeck commented 9 months ago

Closing this as not reproducible