diff --git a/src/Security/KeycloakAuthenticator.php b/src/Security/KeycloakAuthenticator.php
index b1e5655..e682b57 100644
--- a/src/Security/KeycloakAuthenticator.php
+++ b/src/Security/KeycloakAuthenticator.php
@@ -19,18 +19,21 @@ use Symfony\Component\Security\Http\Authenticator\Passport\SelfValidatingPasspor
 use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface;
 use Symfony\Component\Uid\Uuid;
 use KnpU\OAuth2ClientBundle\Security\Exception\InvalidStateAuthenticationException;
+use Psr\Log\LoggerInterface;
 class KeycloakAuthenticator extends OAuth2Authenticator implements AuthenticationEntryPointInterface
 {
 private $clientRegistry;
 private $entityManager;
 private $router;
+ private $logger;
- public function __construct(ClientRegistry $clientRegistry, EntityManagerInterface $entityManager, RouterInterface $router)
+ public function __construct(ClientRegistry $clientRegistry, EntityManagerInterface $entityManager, RouterInterface $router, LoggerInterface $logger)
 {
 $this->clientRegistry = $clientRegistry;
 $this->entityManager = $entityManager;
 $this->router = $router;
+ $this->logger = $logger;
 }
 public function supports(Request $request): ?bool
@@ -93,6 +96,11 @@ class KeycloakAuthenticator extends OAuth2Authenticator implements Authenticatio
 public function onAuthenticationFailure(Request $request, AuthenticationException $exception): ?Response
 {
 if ($exception instanceof InvalidStateAuthenticationException) {
+ $this->logger->error('SSO Invalid State', [
+ 'session_id' => $request->getSession()->getId(),
+ 'has_session' => $request->hasSession(),
+ 'state_param' => $request->query->get('state'),
+ ]);
 return new RedirectResponse($this->router->generate('app_home'));
 }
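Review bot: The new log context in `onAuthenticationFailure` records the raw session identifier (`'session_id' => $request->getSession()->getId()`), and a session ID is a bearer credential, so everyone and everything that can read or ship the error log becomes a holder of it. A digest is enough to correlate log lines. The same array calls `getSession()` before `hasSession()` is consulted; depending on the Symfony version, `getSession()` throws when the request carries no session, so the handler may fail instead of redirecting, and `has_session` can then never be logged as false. `state_param` is caller-supplied and written verbatim on a path any unauthenticated request can reach, so recording only its presence (or a bounded length) keeps the log entry small and free of attacker-chosen content. The body of `onAuthenticationFailure` continues outside the hunk.

```php
if ($exception instanceof InvalidStateAuthenticationException) {
    $session = $request->hasSession() ? $request->getSession() : null;
    $this->logger->error('SSO Invalid State', [
        'has_session' => $session !== null,
        // A digest correlates log lines without storing the credential itself.
        'session_id_sha256' => $session !== null ? hash('sha256', $session->getId()) : null,
        'state_param_present' => $request->query->has('state'),
    ]);
    // … unchanged: redirect to app_home …
```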