Hello,

I am trying to implement POC with keycloak as auth* server.

Here is my set up / use case:

Tomcat server with keycloak adapter
Web app with a URL http://x.y/app/secure protected by a security constraint.
An unauthenticated user goes to the URL and gets redirected by the adapter to the keycloak login page.
The user clicks Cancel button and gets redirected back to the URL with parameters ?error=access_denied&state=1%2Fxxxx
This redirect is intercepted by the adapter and user's browser gets 400 error from the adapter. My application never receives the request.

So my questions are:

1. Is this correct description of what's going on or am I missing something?

2. If this is the behavior by design wouldn't it be better instead of the 400 error to redirect user to some themed page on the keycloak server with a nice explanation, like "We're sorry, but you cannot access this resource without authentication, blablabla "

Thank you,

Roman Usatenko.