4:25 p.m.
I was testing keycloak and I came across something weird.
I try to access a protected resource, so I get redirected to the Keycloak
login page, if I hit cancel without doing anything, I get a response with
status 400 and a query param appears like this:
*error=access_denied*
The same does not happen on Wildfly.
Should I open a JIRA for this?
--
Rodrigo Sasaki
2:36 a.m.
Hi,
I would say that this is not a bug but expected behaviour. If user press
"Cancel", keycloak will redirect you to your application with
"error=access_denied" so it's up to your application how to handle this
situation. You can either redirect user to public resource or display
some page with error like "Access is denied for you because you rejected
to login".
I think that this behaviour should be on both AS7 and Wildfly. I've just
tried with Wildfly appliance distribution and it works (When pressing
cancel it redirects me to my app with 400 and "error=access_denied").
Quite strange that you are seeing different behaviour with Wildfly.
Marek
On 2.9.2014 23:25, Rodrigo Sasaki wrote:
I was testing keycloak and I came across something weird.
I try to access a protected resource, so I get redirected to the
Keycloak login page, if I hit cancel without doing anything, I get a
response with status 400 and a query param appears like this:
*error=access_denied*
*
*
The same does not happen on Wildfly.
Should I open a JIRA for this?
--
Rodrigo Sasaki
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
8:01 a.m.
I think it does the same thing, but on the JBoss 7 adapter it follows a
different flow, if there is anything on the error query param, it redirects
to status 400, and it doesn't work the same way as the Wildfly one. There's
a TODO commentary there, maybe that's what's missing. Not sure.
I see it on line 193 of the OAuthRequestAuthenticator class
Is this how it should behave?
On Wed, Sep 3, 2014 at 4:36 AM, Marek Posolda <mposolda(a)redhat.com> wrote:
Hi,
I would say that this is not a bug but expected behaviour. If user press
"Cancel", keycloak will redirect you to your application with
"error=access_denied" so it's up to your application how to handle this
situation. You can either redirect user to public resource or display some
page with error like "Access is denied for you because you rejected to
login".
I think that this behaviour should be on both AS7 and Wildfly. I've just
tried with Wildfly appliance distribution and it works (When pressing
cancel it redirects me to my app with 400 and "error=access_denied"). Quite
strange that you are seeing different behaviour with Wildfly.
Marek
On 2.9.2014 23:25, Rodrigo Sasaki wrote:
I was testing keycloak and I came across something weird.
I try to access a protected resource, so I get redirected to the
Keycloak login page, if I hit cancel without doing anything, I get a
response with status 400 and a query param appears like this:
*error=access_denied*
The same does not happen on Wildfly.
Should I open a JIRA for this?
--
Rodrigo Sasaki
_______________________________________________
keycloak-user mailing
listkeycloak-user@lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/keycloak-user
--
Rodrigo Sasaki
3781
days inactive
3782
days old
2 comments
2 participants
participants (2)
-
Marek Posolda -
Rodrigo Sasaki