Hi all,

I'm having some issues in which Keycloak throws 500 responses for what,
IMHO, should be a non-500 HTTP status code. For instance, take the
following request:

http://localhost:8080/auth/realms/master/protocol/saml/clients/null

Keycloak returns an HTTP status code of 500, with a text error message
that says "Client not found." Seems like a textbook case for an HTTP 404
response code.

The reason I ask is that we were hoping to use status codes for some
monitoring and even traffic shaping + health analysis type things and
have found them unreliable as an indicator of server function/health.
Instead, 500s are also used when clients behave poorly (as in the
example above) and do things like request non-existent clients, use bad
parameters, or the like. Shouldn't this classification of errors use
4XX response codes?

Is the team open to cleaning these up? Happy to help out with some PRs.

--
Josh Cain
Senior Software Applications Engineer, RHCE
Red Hat North America
jcain(a)redhat.com IRC: jcain
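
The monitoring problem described in the message above, as an added example that is not part of the original post or of Keycloak: a health check driven only by status codes counts the "Client not found." 500s as server faults, while one that reclassifies them by response body does not. The sample records, the 0.2 threshold and the function names are assumptions made for illustration.

```python
import re

# Assumption: the only known client-fault 500 body is the one quoted in the post.
CLIENT_FAULT_500 = [re.compile(r"Client not found", re.I)]

# Constructed sample of (status, path, body) records; not real Keycloak output.
SAMPLE = [
    (200, "/auth/realms/master", ""),
    (500, "/auth/realms/master/protocol/saml/clients/null", "Client not found."),
    (200, "/auth/realms/master", ""),
    (500, "/auth/realms/master/protocol/saml/clients/null", "Client not found."),
    (500, "/auth/realms/master", "constructed: unhandled exception"),
    (404, "/auth/no-such-path", ""),
    (500, "/auth/realms/master/protocol/saml/clients/null", "Client not found."),
    (200, "/auth/realms/master", ""),
]

def classify(status, body, reclassify=True):
    """Return 'ok', 'client_error' or 'server_error' for one response."""
    if status >= 500:
        # A 500 whose body names a client mistake is not a server fault.
        if reclassify and any(p.search(body) for p in CLIENT_FAULT_500):
            return "client_error"
        return "server_error"
    return "client_error" if status >= 400 else "ok"

def server_error_rate(records, reclassify=True):
    """Fraction of responses counted as server faults."""
    if not records:
        return 0.0
    faults = sum(classify(s, b, reclassify) == "server_error" for s, _, b in records)
    return faults / len(records)

def is_healthy(records, threshold=0.2, reclassify=True):
    """Health verdict a monitor or traffic shaper would act on."""
    return server_error_rate(records, reclassify) <= threshold

if __name__ == "__main__":
    print("status code only:", server_error_rate(SAMPLE, False),
          is_healthy(SAMPLE, reclassify=False))
    print("body reclassified:", server_error_rate(SAMPLE), is_healthy(SAMPLE))
```

Matching on response bodies is a stopgap for the monitoring side; it only works for messages already known and breaks if the wording changes.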