Keycloak state parameter invalid

Question

When user clicks login, redirected to Keycloak login page & then after successful login, user comes back to application with 400 error page. Server log shows following:

[Server:node-00] 13:40:00,709 WARN [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-30) state parameter invalid

My application conf is:

<subsystem xmlns="urn:jboss:domain:keycloak:1.1">
    <secure-deployment name="appWEB.war">
        <realm>demo</realm>
        <resource>app</resource>
        <public-client>true</public-client>
        <auth-server-url>http://localhost:8180/auth</auth-server-url>
        <ssl-required>EXTERNAL</ssl-required>
    </secure-deployment>
</subsystem>

Application URL is https://localhost:8443/app & redirect_url is https://localhost:8443/app/private.jsf.

When I use http, it works. But the error comes when I use same with https. Any thoughts?

Answer 1

Here it can be many scenario which may failing with https

1. Keycloak running in https
2. Create self sign certification for keycloak.
3. Import this certificate to your local Java environment.SO handshake can be possible.

I hope you generate the certificates in keycloak you can find the the certificate inside keycloak/security/ssl.