60 lines
No EOL
1.5 KiB
Text
Executable file
60 lines
No EOL
1.5 KiB
Text
Executable file
|
|
[[_adapter_error_handling]]
|
|
=== Error Handling
|
|
|
|
Keycloak has some error handling facilities for servlet based client adapters.
|
|
When an error is encountered in authentication, keycloak will call `HttpServletResponse.sendError()`.
|
|
You can set up an error-page within your `web.xml` file to handle the error however you want.
|
|
Keycloak may throw 400, 401, 403, and 500 errors.
|
|
|
|
|
|
[source]
|
|
----
|
|
|
|
|
|
<error-page>
|
|
<error-code>404</error-code>
|
|
<location>/ErrorHandler</location>
|
|
</error-page>
|
|
----
|
|
|
|
Keycloak also sets an `HttpServletRequest` attribute that you can retrieve.
|
|
The attribute name is `org.keycloak.adapters.spi.AuthenticationError`.
|
|
Typecast this object to: `org.keycloak.adapters.OIDCAuthenticationError`.
|
|
This class can tell you exactly what happened.
|
|
If this attribute is not set, then the adapter was not responsible for the error code.
|
|
|
|
|
|
[source]
|
|
----
|
|
|
|
public class OIDCAuthenticationError implements AuthenticationError {
|
|
public static enum Reason {
|
|
NO_BEARER_TOKEN,
|
|
NO_REDIRECT_URI,
|
|
INVALID_STATE_COOKIE,
|
|
OAUTH_ERROR,
|
|
SSL_REQUIRED,
|
|
CODE_TO_TOKEN_FAILURE,
|
|
INVALID_TOKEN,
|
|
STALE_TOKEN,
|
|
NO_AUTHORIZATION_HEADER
|
|
}
|
|
|
|
private Reason reason;
|
|
private String description;
|
|
|
|
public OIDCAuthenticationError(Reason reason, String description) {
|
|
this.reason = reason;
|
|
this.description = description;
|
|
}
|
|
|
|
public Reason getReason() {
|
|
return reason;
|
|
}
|
|
|
|
public String getDescription() {
|
|
return description;
|
|
}
|
|
}
|
|
---- |