Description
Area
adapter/javascript
Describe the bug
When configuring the "Timeout" field within the Keycloak Admin Console's Configure -> Authentication -> Policies -> Webauthn Passwordless Policy section, entering a value greater than 1000 seconds results in a JavaScript Syntax Error.
This appears to be caused by FreeMarker Template Language (FTL) applying locale-specific number formatting, which inserts a comma (,) as a thousand separator into the generated JavaScript code.
This prevents the value from being parsed as a valid Number type by the JavaScript engine.
Version
26.2.5 (tested with the latest official Docker image as per reproduction steps), 23.0.7 (our currently utilized version, exhibiting the same issue)
Regression
- The issue is a regression
Expected behavior
The "Timeout" field should correctly handle and display values greater than 1000 seconds without introducing formatting characters like commas.
The input value should be rendered as a pure numerical value in the generated JavaScript, ensuring it is properly interpreted as a Number type and does not cause a Syntax Error.
The user should be able to proceed with WebAuthn authentication as expected.
Actual behavior
When a value exceeding 1000 seconds is entered (e.g., 3600), the generated JavaScript code contains a comma (e.g., 3,600 instead of 3600).
This invalidates the number literal in JavaScript, leading to a Syntax Error during script execution, preventing the WebAuthn flow from proceeding correctly.
How to Reproduce?
- Start a Keycloak container without any modifications (e.g., using the command from the official getting started guide):
- Access the Keycloak Admin Console (e.g., http://localhost:8080).
- Log in with the admin credentials (e.g., admin/admin).
- Navigate to Manage realms (top left dropdown) and create a new test realm, e.g., test-realm.
- Switch to the test-realm.
- Under Manage -> Users, create a new test user, e.g., test.
- Set a password for the test user in the Credentials tab.
- For the test user, in the Required user actions input field, set Webauthn Register Passwordless.
- Navigate to Configure -> Authentication -> Policies -> Webauthn Passwordless Policy.
- Locate the "Timeout" field and set its value to something greater than 1000 seconds (e.g., 3600 for 1 hour). Click "Save".
- Attempt to log in to the test-realm using the test user through a Keycloak client application or directly via the account console (e.g., http://localhost:8080/realms/test-realm/account).
- Open your browser's developer tools (e.g., F12) and inspect the Console tab for JavaScript errors.
Example of the generated JavaScript snippet causing the error:
```javascript
const input = {
    // ... code before ...
    requireResidentKey : 'not specified',
    userVerificationRequirement : 'not specified',
    createTimeout : 3,600, // causing SyntaxError
    excludeCredentialIds : '',
    initLabel : "Passkey (Default Label)",
    // ... code after ...
}
```
Anything else?
No response
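The failure described in this report, reproduced outside Keycloak as an added example (not code from the original report or from the Keycloak project). `Intl.NumberFormat('en-US')` stands in for the template engine's locale-aware number formatting, and `renderInput`, `evaluate` and `findGroupedNumbers` are hypothetical helper names.

```javascript
// Stand-in (assumption) for a template engine that renders numbers with
// locale grouping; en-US groups thousands with a comma, as in the report.
const localeFormat = (n) => new Intl.NumberFormat('en-US').format(n);
// Locale-independent rendering: plain digits, which is what JavaScript needs.
const plainFormat = (n) => String(n);

// Build an object literal shaped like the snippet in the report, with the
// timeout rendered by the supplied formatter.
function renderInput(timeoutSeconds, format) {
  return [
    'const input = {',
    "  requireResidentKey : 'not specified',",
    `  createTimeout : ${format(timeoutSeconds)},`,
    "  excludeCredentialIds : '',",
    '};',
    'return input;',
  ].join('\n');
}

// Parse and run the rendered source; a grouped number fails at parse time,
// so none of the script (including the WebAuthn call) would execute.
function evaluate(source) {
  try {
    return { ok: true, value: new Function(source)().createTimeout };
  } catch (err) {
    return { ok: false, error: err.name };
  }
}

// Check for rendered pages or template output: flag fields whose numeric
// value contains a grouping separator (comma here; other locales use
// a period or a non-breaking space).
function findGroupedNumbers(source) {
  const pattern = /^\s*(\w+)\s*:\s*(\d{1,3}(?:[,.\u00a0]\d{3})+)\s*,?\s*$/gm;
  return [...source.matchAll(pattern)]
    .map((m) => ({ field: m[1], rendered: m[2] }));
}

// Constructed sample values: one below the grouping threshold, one above.
for (const seconds of [999, 3600]) {
  console.log(seconds,
    'locale:', evaluate(renderInput(seconds, localeFormat)),
    'plain:', evaluate(renderInput(seconds, plainFormat)));
}
console.log(findGroupedNumbers(renderInput(3600, localeFormat)));
```

Values below 1000 pass because no separator is inserted, which is why the problem only appears once the timeout reaches four digits. In FreeMarker, the `?c` built-in renders a number in this locale-independent form.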