I think it does the same thing, but on the JBoss 7 adapter it follows a different flow, if there is anything on the error query param, it redirects to status 400, and it doesn't work the same way as the Wildfly one. There's a TODO commentary there, maybe that's what's missing. Not sure.

I see it on line 193 of the OAuthRequestAuthenticator class

Is this how it should behave?

On Wed, Sep 3, 2014 at 4:36 AM, Marek Posolda <mposolda@redhat.com> wrote:

Hi,

I would say that this is not a bug but expected behaviour. If user press "Cancel", keycloak will redirect you to your application with "error=access_denied" so it's up to your application how to handle this situation. You can either redirect user to public resource or display some page with error like "Access is denied for you because you rejected to login".

I think that this behaviour should be on both AS7 and Wildfly. I've just tried with Wildfly appliance distribution and it works (When pressing cancel it redirects me to my app with 400 and "error=access_denied"). Quite strange that you are seeing different behaviour with Wildfly.

Marek

On 2.9.2014 23:25, Rodrigo Sasaki wrote:
I was testing keycloak and I came across something weird.

I try to access a protected resource, so I get redirected to the Keycloak login page, if I hit cancel without doing anything, I get a response with status 400 and a query param appears like this:

error=access_denied

The same does not happen on Wildfly.

Should I open a JIRA for this?

--

Rodrigo Sasaki
_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user

Rodrigo Sasaki