Error Handling

Keycloak has some error handling facilities for servlet based client adapters. When an error is encountered in authentication, Keycloak will call HttpServletResponse.sendError(). You can set up an error-page within your web.xml file to handle the error however you want. Keycloak can throw 400, 401, 403, and 500 errors.


Keycloak also sets a HttpServletRequest attribute that you can retrieve. The attribute name is org.keycloak.adapters.spi.AuthenticationError, which should be casted to org.keycloak.adapters.OIDCAuthenticationError.

For example:

import org.keycloak.adapters.OIDCAuthenticationError;
import org.keycloak.adapters.OIDCAuthenticationError.Reason;

OIDCAuthenticationError error = (OIDCAuthenticationError) httpServletRequest

Reason reason = error.getReason();