diff --git a/lib/AccessCheck/App/Controller.pm b/lib/AccessCheck/App/Controller.pm
index 452d49137289c5454ccfb11d66e1e9168c6a62cf..9851bbf5cafe09bbfa75ddd6d1da17c8afc295de 100644
--- a/lib/AccessCheck/App/Controller.pm
+++ b/lib/AccessCheck/App/Controller.pm
@@ -133,7 +133,7 @@ sub check_csrf_token {
     return $self->abort(
         status       => 403,
         log_message  => sprintf("missing anti-CSRF token for action %s", $self->current_route()),
-        user_message => "missing CSRF token"
+        user_message => "missing_csrf_token"
     ) if !$provided_token;
 
     my $expected_token = $self->csrf_token();
@@ -146,7 +146,7 @@ sub check_csrf_token {
             $provided_token,
             $expected_token,
         ),
-        user_message => "invalid CSRF token"
+        user_message => "invalid_csrf_token"
     ) if $provided_token ne $expected_token;
 
     return 1;
diff --git a/lib/AccessCheck/L10N/fr.pm b/lib/AccessCheck/L10N/fr.pm
index 5be7bac2fa6e001079fe7fa20ff22932c9754879..49b0fb62eec286302e72014a576a74fcda2bc2a9 100644
--- a/lib/AccessCheck/L10N/fr.pm
+++ b/lib/AccessCheck/L10N/fr.pm
@@ -296,6 +296,11 @@ msgstr "Les attributs eduPersonAffiliation et eduPersonScopedAffiliation sont va
 #: templates/web/edugain/errors.tt2.html:12 templates/web/renater/errors.tt2.html:12
 msgid "internal error"
 msgstr "erreur interne"
+
+#: templates/web/edugain/errors.html.tt2:35 templates/web/renater/errors.html.tt2:32
+msgid "invalid CSRF token"
+msgstr "jeton CSRF invalide"
+
 #. (matches.0)
 #: templates/web/edugain/errors.html.tt2:35
 msgid "invalid parameter '%1'"
@@ -305,6 +310,10 @@ msgstr "paramètre invalide '%1'"
 msgid "mail notification failure"
 msgstr "échec de notification par mail"
 
+#: templates/web/edugain/errors.html.tt2:32 templates/web/renater/errors.html.tt2:29
+msgid "missing CSRF token"
+msgstr "jeton CSRF manquant"
+
 #. (matches.0)
 #: templates/web/edugain/errors.tt2.html:30 templates/web/renater/errors.tt2.html:30
 msgid "missing parameter '%1'"
diff --git a/templates/web/edugain/errors.html.tt2 b/templates/web/edugain/errors.html.tt2
index 8ab9a273f6431ee22c7673366e347de871cc5127..66056e77972b5b1ba46e665d79a8a75ca41b99bc 100644
--- a/templates/web/edugain/errors.html.tt2
+++ b/templates/web/edugain/errors.html.tt2
@@ -28,6 +28,12 @@
         [% ELSIF error == 'no_displayname_attribute' %]
         [% c.loc("your identity provider doesn't provide displayName attribute, required for this application") %]
 
+        [% ELSIF error == 'missing_csrf_token' %]
+        [% c.loc("missing CSRF token") %]
+
+        [% ELSIF error == 'invalid_csrf_token' %]
+        [% c.loc("invalid CSRF token") %]
+
         [% ELSIF (matches = error.match('missing_(\w+)')) %]
         [% c.loc("missing parameter '[_1]'", matches.0) %]
 
diff --git a/templates/web/renater/errors.html.tt2 b/templates/web/renater/errors.html.tt2
index 66119424a892c443c4c5895d07918b0925975169..f826368ba6a388a7944cbbdae2265c3f0cf16870 100644
--- a/templates/web/renater/errors.html.tt2
+++ b/templates/web/renater/errors.html.tt2
@@ -25,10 +25,16 @@
         [% ELSIF error == 'unauthenticated' %]
         [% c.loc("you need to authenticate to access this page") %]
 
+        [% ELSIF error == 'missing_csrf_token' %]
+        [% c.loc("missing CSRF token") %]
+
+        [% ELSIF error == 'invalid_csrf_token' %]
+        [% c.loc("invalid CSRF token") %]
+
         [% ELSIF (matches = error.match('missing_(\w+)')) %]
         [% c.loc("missing parameter '[_1]'", matches.0) %]
 
-	[% ELSIF (matches = error.match('invalid_(\w+)')) %]
+        [% ELSIF (matches = error.match('invalid_(\w+)')) %]
         [% c.loc("invalid parameter '[_1]'", matches.0) %]
 
         [% ELSE %]