diff --git a/services/src/main/java/org/keycloak/protocol/RestartLoginCookie.java b/services/src/main/java/org/keycloak/protocol/RestartLoginCookie.java
index 59cd0b9..8e8c576 100644
--- a/services/src/main/java/org/keycloak/protocol/RestartLoginCookie.java
+++ b/services/src/main/java/org/keycloak/protocol/RestartLoginCookie.java
@@ -154,6 +154,10 @@ public class RestartLoginCookie {
String encodedCookie = cook.getValue();
JWSInput input = new JWSInput(encodedCookie);
SecretKey secretKey = session.keys().getHmacSecretKey(realm, input.getHeader().getKeyId());
+ if (secretKey == null) {
+ logger.debug("Failed to retrieve HMAC secret key for session restart");
+ return null;
+ }
if (!HMACProvider.verify(input, secretKey)) {
logger.debug("Failed to verify encoded RestartLoginCookie");
return null;
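Review bot: The new `secretKey == null` branch handles a key id that is read from the cookie's JWS header before any signature check, so it is caller-controlled input, and nothing in the hunk records that. A short comment above the guard would help, e.g. `// kid comes from the unverified cookie header: null means a rotated/removed key or a tampered cookie`. Both rejection paths log only at debug level and without the realm, so a run of forged or stale restart cookies would be hard to spot in default logs. Consider adding the realm name to the message, and if the kid is ever logged, treat it as untrusted text. Whether `getHmacSecretKey` tolerates a header with no `kid` at all cannot be seen from here and is worth confirming. The enclosing method starts and ends outside this hunk.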