The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator at webmaster@localhost to inform them of the time this error occurred, and the actions you performed just before this error.
More information about this error may be available in the server error log.
Go to http://openidc/ again and note that you are nevertheless authenticated.
Httpd logs:
openidc_1 | [Tue Dec 13 07:08:13.627167 2016] [auth_openidc:error] [pid 7:tid 140257659975424] [client 172.27.0.1:41500] oidc_restore_proto_state: no "mod_auth_openidc_state_NJetIlNWA76UoenQvPToC1mgHys" state cookie found, referer: http://keycloak:8080/auth/realms/Testrealm/protocol/openid-connect/auth?response_type=code&scope=openid%20email&client_id=testclient&state=NJetIlNWA76UoenQvPToC1mgHys&redirect_uri=http%3A%2F%2Fopenidc%2Fprotected%2Fredirect_uri&nonce=SkDkiZqVipYSJX6_os7uoUKaSVOPCimA220oQCYfirE
openidc_1 | [Tue Dec 13 07:08:13.627251 2016] [auth_openidc:error] [pid 7:tid 140257659975424] [client 172.27.0.1:41500] oidc_unsolicited_proto_state: could not parse JWT from state: invalid unsolicited response: [src/jose.c:723: oidc_jwt_parse]: cjose_jws_import failed: invalid argument [file: jws.c, function: cjose_jws_import, line: 864]\n\n, referer: http://keycloak:8080/auth/realms/Testrealm/protocol/openid-connect/auth?response_type=code&scope=openid%20email&client_id=testclient&state=NJetIlNWA76UoenQvPToC1mgHys&redirect_uri=http%3A%2F%2Fopenidc%2Fprotected%2Fredirect_uri&nonce=SkDkiZqVipYSJX6_os7uoUKaSVOPCimA220oQCYfirE
openidc_1 | [Tue Dec 13 07:08:13.627264 2016] [auth_openidc:error] [pid 7:tid 140257659975424] [client 172.27.0.1:41500] oidc_authorization_response_match_state: unable to restore state, referer: http://keycloak:8080/auth/realms/Testrealm/protocol/openid-connect/auth?response_type=code&scope=openid%20email&client_id=testclient&state=NJetIlNWA76UoenQvPToC1mgHys&redirect_uri=http%3A%2F%2Fopenidc%2Fprotected%2Fredirect_uri&nonce=SkDkiZqVipYSJX6_os7uoUKaSVOPCimA220oQCYfirE
openidc_1 | [Tue Dec 13 07:08:13.627272 2016] [auth_openidc:error] [pid 7:tid 140257659975424] [client 172.27.0.1:41500] oidc_handle_authorization_response: invalid authorization response state and no default SSO URL is set, sending an error..., referer: http://keycloak:8080/auth/realms/Testrealm/protocol/openid-connect/auth?response_type=code&scope=openid%20email&client_id=testclient&state=NJetIlNWA76UoenQvPToC1mgHys&redirect_uri=http%3A%2F%2Fopenidc%2Fprotected%2Fredirect_uri&nonce=SkDkiZqVipYSJX6_os7uoUKaSVOPCimA220oQCYfirE
openidc_1 | 172.27.0.1 - - [13/Dec/2016:07:08:13 +0000] "GET /protected/redirect_uri?state=NJetIlNWA76UoenQvPToC1mgHys&code=8kF-u-8lJHCDCGTXIgsj2YCIbYOXfh1DdYdWusNT60U.40fcc7fe-e70e-4c6f-9365-bb6806b4898f HTTP/1.1" 500 532 "http://keycloak:8080/auth/realms/Testrealm/protocol/openid-connect/auth?response_type=code&scope=openid%20email&client_id=testclient&state=NJetIlNWA76UoenQvPToC1mgHys&redirect_uri=http%3A%2F%2Fopenidc%2Fprotected%2Fredirect_uri&nonce=SkDkiZqVipYSJX6_os7uoUKaSVOPCimA220oQCYfirE" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36"
Steps to reproduce:
You get status 500:
Go to http://openidc/ again and note that you are nevertheless authenticated.
Httpd logs: