[keycloak-user] Cancel button handling on keycloak login page
Stian Thorgersen
stian at redhat.com
Mon Jun 1 02:44:08 EDT 2015
----- Original Message -----
> From: "Roman Usatenko" <roman.usatenko at gmail.com>
> To: keycloak-user at lists.jboss.org
> Sent: Saturday, 30 May, 2015 1:39:33 AM
> Subject: [keycloak-user] Cancel button handling on keycloak login page
>
> Hello,
>
> I am trying to implement a POC with keycloak as auth* server.
>
> Here is my set up / use case:
>
>
> * Tomcat server with keycloak adapter
> * Web app with a URL http://x.y/app/secure protected by a security
> constraint.
> * An unauthenticated user goes to the URL and gets redirected by the
> adapter to the keycloak login page.
> * The user clicks the Cancel button and gets redirected back to the URL with
> parameters ?error=access_denied&state=1%2Fxxxx
> * This redirect is intercepted by the adapter and the user's browser gets a 400
> error from the adapter. My application never receives the request.
> So my questions are:
>
> 1. Is this a correct description of what's going on or am I missing something?
>
> 2. If this is the behavior by design, wouldn't it be better, instead of the 400
> error, to redirect the user to some themed page on the keycloak server with a
> nice explanation, like "We're sorry, but you cannot access this resource
> without authentication, blablabla"

You can decide what the 400 error page looks like for your application by configuring error pages in web.xml (see for example https://blog.whitehatsec.com/error-handling-in-java-web-xml/).

>
> Thank you,
> Roman Usatenko.
>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
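
The error-page mapping suggested in the reply, as an added example that is not part of the original thread or of Keycloak's own documentation. The role name `user` and the page path `/errors/login-cancelled.html` are assumptions, and the Keycloak adapter setup (including `login-config`) is assumed to be in place already and is omitted.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
                             http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
         version="3.0">

  <!-- The protected URL from the question: /app/secure, relative to the /app context. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>secure</web-resource-name>
      <url-pattern>/secure/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>user</role-name> <!-- assumed role name -->
    </auth-constraint>
  </security-constraint>
  <security-role>
    <role-name>user</role-name>
  </security-role>

  <!-- Replace the container's default 400 page, which is what the browser
       receives after Cancel returns ?error=access_denied&state=...
       The location is an assumed path, kept outside /secure/* so the page
       itself is never subject to the login constraint. -->
  <error-page>
    <error-code>400</error-code>
    <location>/errors/login-cancelled.html</location>
  </error-page>

</web-app>
```

A static page is the safest target here: if the location is a JSP or servlet instead, it should not write the `error` or `state` query parameters into the response without HTML-escaping them, since both arrive in a URL the user's browser was redirected to.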