[keycloak-user] Cancel button handling on keycloak login page
stian at redhat.com
Mon Jun 1 02:44:08 EDT 2015
----- Original Message -----
> From: "Roman Usatenko" <roman.usatenko at gmail.com>
> To: keycloak-user at lists.jboss.org
> Sent: Saturday, 30 May, 2015 1:39:33 AM
> Subject: [keycloak-user] Cancel button handling on keycloak login page
> I am trying to implement POC with keycloak as auth* server.
> Here is my set up / use case:
> * Tomcat server with keycloak adapter
> * Web app with a URL http://x.y/app/secure protected by a security
> * An unauthenticated user goes to the URL and gets redirected by the
> adapter to the keycloak login page.
> * The user clicks Cancel button and gets redirected back to the URL with
> parameters ?error=access_denied&state=1%2Fxxxx
> * This redirect is intercepted by the adapter and user's browser gets 400
> error from the adapter. My application never receives the request.
> So my questions are:
> 1. Is this correct description of what's going on or am I missing something?
> 2. If this is the behavior by design wouldn't it be better instead of the 400
> error to redirect user to some themed page on the keycloak server with a
> nice explanation, like "We're sorry, but you cannot access this resource
> without authentication, blablabla "
You can decide how the 400 error page looks like for your application by configuring error pages in web.xml (see for example https://blog.whitehatsec.com/error-handling-in-java-web-xml/)
> Thank you,
> Roman Usatenko.
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
More information about the keycloak-user