Whenever the Identity Server reports a 500 internal error due to an invalid input, the reason for failure is included in the response and visible on the browser.
This might cause a security issue as intruders can use this information to attack against the Identity Server and ESP.
To prevent this, configure the web.xml file as follows:
<welcome-file-list> <welcome-file>index.html</welcome-file> </welcome-file-list> <error-page> <error-code>500</error-code> <location>/index.html</location> </error-page>
index.html can be any custom page. You can configure web.xml for error-code 404 same as above by adding one more <error-page> tag.