Validation of providerId during required action registration

Closes #26109

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>

services/src/main/java/org/keycloak/services/resources/admin/AuthenticationManagementResource.java

@@ -1070,6 +1070,11 @@ public class AuthenticationManagementResource {
         auth.realm().requireManageRealm();
 
         String providerId = data.get("providerId");
+
+        if (providerId == null || session.getKeycloakSessionFactory().getProviderFactory(RequiredActionProvider.class, providerId) == null) {
+            throw new BadRequestException("Required Action Provider with given providerId not found");
+        }
+
         String name = data.get("name");
         RequiredActionProviderModel requiredAction = new RequiredActionProviderModel();
         requiredAction.setAlias(providerId);

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/authentication/RequiredActionsTest.java

@@ -109,6 +109,17 @@ public class RequiredActionsTest extends AbstractAuthenticationTest {
             // Expected
         }
 
+        // Try to register required action with fake providerId
+        RequiredActionProviderSimpleRepresentation requiredAction = new RequiredActionProviderSimpleRepresentation();
+        requiredAction.setName("not-existent");
+        requiredAction.setProviderId("not-existent");
+        try {
+            authMgmtResource.registerRequiredAction(requiredAction);
+            Assert.fail("Didn't expect to register requiredAction with providerId: 'not-existent'");
+        } catch (Exception ex) {
+            // Expected
+        }
+
         // Try to find not-existent action - should fail
         try {
             authMgmtResource.getRequiredAction("not-existent");