Strange behaviour with invalid state param - keycloak-dev - Jboss List Archives

2025

January

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

Strange behaviour with invalid state param

HA Support For Keycloak

Keycloak in JBoss projects

Michael Gerber

Friday, 9 January 2015 Fri, 9 Jan '15

6:45 a.m.

Hi, I have a strange behaviour with an invalid state param. The server writes the following log, which is correct: WARN [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-17) No state cookie After that I receive a 400 error in my browser with the following URL: https://pcc811.hrms.ch:9443/index.html?code=Q-NK1wwTdqja5XU8lUkNkZnEy40Zd... I can load this URL again and than I am successfully logged in. Is this the correct behaviour? Best Michael

Attachments:

attachment.html (text/html — 942 bytes)

Reply

Show replies by date

Stian Thorgersen

Friday, 9 January Fri, 9 Jan

7:35 a.m.

Doesn't sound correct to me. Are you expecting the invalid state param result? Is this reproducible? ----- Original Message -----

From: "Michael Gerber" <gerbermichi(a)me.com> To: keycloak-dev(a)lists.jboss.org Sent: Friday, 9 January, 2015 1:45:26 PM Subject: [keycloak-dev] Strange behaviour with invalid state param Hi, I have a strange behaviour with an invalid state param. The server writes the following log, which is correct: WARN [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-17) No state cookie After that I receive a 400 error in my browser with the following URL: https://pcc811.hrms.ch:9443/index.html?code=Q-NK1wwTdqja5XU8lUkNkZnEy40Zd... I can load this URL again and than I am successfully logged in. Is this the correct behaviour? Best Michael _______________________________________________ keycloak-dev mailing list keycloak-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-dev

Reply

Bill Burke

7:40 a.m.

What I think is happening is that you have an invalid state cookie (as per the oauth spec), you reload the app URL again and authentication is successful. While I don't know why you are getting "No state cookie" the rest makes sense as you're just going through a successful login. On 1/9/2015 7:45 AM, Michael Gerber wrote:

Hi, I have a strange behaviour with an invalid state param. The server writes the following log, which is correct: WARN [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-17) No state cookie After that I receive a 400 error in my browser with the following URL: https://pcc811.hrms.ch:9443/index.html?code=Q-NK1wwTdqja5XU8lUkNkZnEy40Zd... I can load this URL again and than I am successfully logged in. Is this the correct behaviour? Best Michael _______________________________________________ keycloak-dev mailing list keycloak-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-dev

-- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com

Reply

3659

days inactive

3659

days old

keycloak-dev@lists.jboss.org

Manage subscription

2 comments

3 participants

tags (0)

participants (3)

Bill Burke
Michael Gerber
Stian Thorgersen