HTTP status 200 returned on invalid login information


Thomas Colin de Verdière

Nov 18, 2021, 11:34:06 AM
to Keycloak User
Hello

I'm debugging a problem on our development platform. We have an app which is protected by Keycloak. Between the 2 there is an API Gateway: Kong. This gateway redirects to Keycloak when the user is not authenticated.

It works fine, but when the user enters invalid login credentials the response HTTP status is 200. I was expecting 401 or something like that.

So to isolate the components, I installed only Keycloak with Docker:
docker run -p 8080:8080 -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=admin quay.io/keycloak/keycloak:15.0.2

The server redirects to:

I enter wrong login information but the HTTP response status is 200.

Is this the usual behavior of Keycloak? Could I set another HTTP response code?

Thank you

Thomas Colin de Verdière
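
An added example, not part of the original post and not Keycloak or Kong code: since the post observes that a rejected form login is answered with HTTP 200, a gateway-side monitor that counts 401 responses will not see failed logins. The sketch below instead counts 200 responses to POSTs on the login form action per client address. The log layout, the `/auth/realms/<realm>/login-actions/authenticate` path, the threshold and the sample lines are assumptions, as is a password-only browser flow in which a successful submit is answered with a 302 redirect.

```python
import re
from collections import Counter

# Assumed access-log layout (combined-log style); adapt the regex to the gateway's format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
# Assumed form-action path of the Keycloak login page behind the gateway.
LOGIN_ACTION_RE = re.compile(r'^/auth/realms/[^/]+/login-actions/authenticate(\?|$)')

# Constructed sample lines, not taken from a real system.
SAMPLE_LOG = """\
203.0.113.7 - - [18/Nov/2021:11:30:01 +0000] "GET /auth/realms/master/protocol/openid-connect/auth?client_id=app HTTP/1.1" 200 3050
203.0.113.7 - - [18/Nov/2021:11:30:05 +0000] "POST /auth/realms/master/login-actions/authenticate?session_code=x HTTP/1.1" 200 3120
203.0.113.7 - - [18/Nov/2021:11:30:07 +0000] "POST /auth/realms/master/login-actions/authenticate?session_code=x HTTP/1.1" 200 3120
203.0.113.7 - - [18/Nov/2021:11:30:09 +0000] "POST /auth/realms/master/login-actions/authenticate?session_code=x HTTP/1.1" 200 3120
198.51.100.4 - - [18/Nov/2021:11:31:00 +0000] "POST /auth/realms/master/login-actions/authenticate?session_code=y HTTP/1.1" 200 3120
198.51.100.4 - - [18/Nov/2021:11:31:12 +0000] "POST /auth/realms/master/login-actions/authenticate?session_code=y HTTP/1.1" 302 0
198.51.100.4 - - [18/Nov/2021:11:31:13 +0000] "POST /api/orders HTTP/1.1" 401 27
"""


def failed_login_counts(log_text):
    """Count login-form POSTs answered with 200 (form shown again) per client IP."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue  # unparsable line, or the initial GET that renders the form
        if LOGIN_ACTION_RE.match(m["path"]) and m["status"] == "200":
            counts[m["ip"]] += 1
    return counts


def suspicious_clients(log_text, threshold=3):
    """Return client IPs with at least `threshold` re-rendered login forms."""
    counts = failed_login_counts(log_text)
    return sorted(ip for ip, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    print(suspicious_clients(SAMPLE_LOG))
```

If the flow has further steps after the password form (an OTP prompt, for instance), a 200 on this path can also be the next challenge page, so the count is a signal to correlate with Keycloak's own login events, not proof of a failed login.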