[keycloak-dev] Strange behaviour with invalid state param

Michael Gerber gerbermichi at me.com
Fri Jan 9 07:45:26 EST 2015


Hi,

I have a strange behaviour with an invalid state param.

The server writes the following log, which is correct:
WARN  [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-17) No state cookie

After that I receive a 400 error in my browser with the following URL:
https://pcc811.hrms.ch:9443/index.html?code=Q-NK1wwTdqja5XU8lUkNkZnEy40ZdCx2FjC6qslukdc.9ef6b6f7-b888-4a59-b34c-7af6d490614b&state=dc-4d82-b0c9-d434b917dfce

I can load this URL again and than I am successfully logged in.

Is this the correct behaviour?

Best
Michael
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-dev/attachments/20150109/693c158d/attachment.html 


More information about the keycloak-dev mailing list