[keycloak-dev] Provide a Link to go Back to The Application on a Timeout
Schuster Sebastian (INST/ESY1)
Sebastian.Schuster at bosch-si.com
Wed May 17 09:09:48 EDT 2017
Wouldn't 1) be a good option as browser restarts are the vast majority compared to history deletion?
Even our very restrictive company directives don't clear the browser history on exit while messing around
with a lot of my other browser settings...
Mit freundlichen Grüßen / Best regards
Engineering and Support (INST/ESY1)
Bosch Software Innovations GmbH | Schöneberger Ufer 89-91 | 10785 Berlin | GERMANY | www.bosch-si.com
Tel. +49 30 726112-485 | Fax +49 30 726112-100 | Sebastian.Schuster at bosch-si.com
Sitz: Berlin, Registergericht: Amtsgericht Charlottenburg; HRB 148411 B
Geschäftsführung: Dr.-Ing. Rainer Kallenbach, Michael Hahn
> -----Original Message-----
> From: keycloak-dev-bounces at lists.jboss.org [mailto:keycloak-dev-
> bounces at lists.jboss.org] On Behalf Of Marek Posolda
> Sent: Mittwoch, 17. Mai 2017 11:36
> To: keycloak-dev at lists.jboss.org
> Subject: [keycloak-dev] Provide a Link to go Back to The Application on a Timeout
> We have the issue that after session timeout, the page "An error occurred, please
> login again through your application." can be shown.
> This is even worse when there is no link to go back to the application as users
> might be confused what to do. Details in
> https://issues.jboss.org/browse/KEYCLOAK-4016 .
> This is already handled in many cases as when authentication session is expired, it
> is always restarted from the KC_RESTART cookie.
> However there are still cases when this error is shown, which is when the restart
> from the cookie failed. This can happen when browser history (including cookies)
> was cleared or when user restarted the browser (as the KC_RESTART cookie is not
> Some possibilities to solve:
> 1) Make the KC_RESTART cookie persistent. That will handle browser restart,
> however it won't handle the case when browser history is deleted
> 2) Add client-id to every link as Stefan Baust suggested. Then we can add the link
> to client base uri on the page. This is more work with the possibility of error-prone
> if we miss to add the client-id to some link.
> Also we will be able to provide the link just if client has "base-uri"
> 3) Add the link to the account management application page. After successful
> login will be shown list of applications in account management and user can click
> to his favourite application. Message would need to be changed to something like
> "An error occurred, please login again through your application or go to the
> <link>list of applications<link> and select your application after login."
> My preference is 3, 2, 1. WDYT? Any other ideas?
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
More information about the keycloak-dev