diff --git a/services/src/main/java/org/keycloak/protocol/RestartLoginCookie.java b/services/src/main/java/org/keycloak/protocol/RestartLoginCookie.java
index 59cd0b9f78..8e8c576e93 100644
--- a/services/src/main/java/org/keycloak/protocol/RestartLoginCookie.java
+++ b/services/src/main/java/org/keycloak/protocol/RestartLoginCookie.java
@@ -154,6 +154,10 @@ public class RestartLoginCookie {
         String encodedCookie = cook.getValue();
         JWSInput input = new JWSInput(encodedCookie);
         SecretKey secretKey = session.keys().getHmacSecretKey(realm, input.getHeader().getKeyId());
+        if (secretKey == null) {
+            logger.debug("Failed to retrieve HMAC secret key for session restart");
+            return null;
+        }
         if (!HMACProvider.verify(input, secretKey)) {
             logger.debug("Failed to verify encoded RestartLoginCookie");
             return null;