[keycloak-user] Default client for a realm

Thomas Darimont thomas.darimont at googlemail.com
Fri Feb 5 09:15:31 EST 2016


Hello Stian, Hello Thomas,

yes I understand that - and I agree that falling back to the default client
in case of a missing client is not a good idea.

However I think it would be very helpful to be able to initiate a redirect
from one client to another client (that is just known by client_id)
for the use case I outlined above -> e.g. redirecting to a "launchpad" app.

E.g.:
https://keycloak-server:8080/auth/realms/my-realm/redirect?client_id=my-default-client
-> would redirect to the my-default-client base url.

https://keycloak-server:8080/auth/realms/my-realm/redirect
-> would redirect to the client marked as "default"

@Thomas
Initially I also thought about having a default redirect url per realm but
then I thought that simply referring to a client_id and letting Keycloak
redirect the user
appropriately would be more flexible, especially because you can then also
leverage all the client metadata that is available for a client (name,
description etc.).

Cheers,
Thomas

2016-02-05 15:03 GMT+01:00 Stian Thorgersen <sthorger at redhat.com>:

>
>
> On 5 February 2016 at 14:55, Thomas Raehalme <
> thomas.raehalme at aitiofinland.com> wrote:
>
>> Hi!
>>
>> How about just a default redirect URL where the user is redirected when
>> it's appropriate to return back to the application?
>> The redirection could be immediate or a link on the error view.
>>
>
> Errors should not be masked and you can already customize the error page
> to add a link
>
>
>>
>> I think this would help avoid a lot of confusion when Keycloak for a
>> reason or another is not aware of the client and needs to abort the process.
>>
>
> There are only a few cases where the client isn't known and I don't think
> this is a good solution for either of those:
>
> * Admin sends email action to user - a better solution here would be to
> allow admin to select a client
> * Client session times out and is garbage collected - we could add client
> uuid to the client session code which would mean it's always available
> * Client is not specified - this is an error in your application and
> should not just be masked. Solution to make it more friendly is to improve
> error page
>
>
>>
>> Best regards,
>> Thomas
>>
>>
>> On Fri, Feb 5, 2016 at 3:48 PM, Thomas Darimont <
>> thomas.darimont at googlemail.com> wrote:
>>
>>> Hi group,
>>>
>>> I have multiple realms and a list of clients registered within each
>>> realm. For each realm I'd like to configure
>>> a "default" client that can be used as a redirect fallback if no client
>>> or redirect_uri was specified in requests.
>>>
>>> The use case is to provide some kind of "home" or "launchpad" service
>>> where users are redirected to in case
>>> they don't know or didn't specify where to go.
>>> The launchpad would then present a "fancy selection" of all the apps
>>> (clients) that are available to the current user,
>>> somewhat comparable to the https://www.google.de/intl/de/about/products/
>>> page.
>>>
>>> Is this already possible or considered as a feature?
>>>
>>> A default "default" client could be the account application.
>>>
>>> A quick hack I could think of would be to define a client with the name
>>> "default" (or another well-known name)
>>> and register a custom endpoint in Keycloak that would accept the
>>> client_id as a url parameter and redirect to the
>>> configured client base url.
>>>
>>> Cheers,
>>> Thomas
>>>
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>
>>
>>
>>
>>
>
>
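The client_id-based redirect proposed in this thread, modelled as an added example that is not part of the original messages and is not Keycloak code: the target is always taken from server-side client metadata, and an unknown client_id is an error rather than a fallback to the default client. The `Client` fields, the `default` marker, `REALMS`, `RedirectError` and `resolve_redirect` are hypothetical names, and the `example.test` hosts are constructed.

```python
from dataclasses import dataclass
from typing import Optional
from urllib.parse import parse_qs, urlsplit

@dataclass(frozen=True)
class Client:
    client_id: str
    base_url: Optional[str]
    enabled: bool = True
    default: bool = False  # hypothetical per-realm "default" marker

class RedirectError(Exception):
    """Raised instead of redirecting; the caller renders an error page."""

# Constructed sample registry; hosts under example.test are placeholders.
REALMS = {"my-realm": [
    Client("my-default-client", "https://launchpad.example.test/", default=True),
    Client("billing", "https://billing.example.test/app"),
    Client("legacy", None),                                    # no base URL set
    Client("retired", "https://retired.example.test/", enabled=False),
]}

def resolve_redirect(request_url: str) -> str:
    """Map /auth/realms/<realm>/redirect[?client_id=...] to a Location value."""
    parts = urlsplit(request_url)
    segs = parts.path.strip("/").split("/")
    if len(segs) != 4 or segs[:2] != ["auth", "realms"] or segs[3] != "redirect":
        raise RedirectError("not a redirect endpoint request")
    clients = REALMS.get(segs[2])
    if clients is None:
        raise RedirectError("unknown realm")
    # Only client_id is read; any URL-valued parameter in the query is ignored.
    ids = parse_qs(parts.query, keep_blank_values=True).get("client_id", [])
    if len(ids) > 1:
        raise RedirectError("ambiguous client_id")
    if ids:   # a named client must exist: no silent fallback to the default
        match = [c for c in clients if c.client_id == ids[0]]
    else:     # parameter absent: use the client marked as default
        match = [c for c in clients if c.default]
    if len(match) != 1 or not match[0].enabled or not match[0].base_url:
        raise RedirectError("no usable client")
    target = urlsplit(match[0].base_url)
    if target.scheme != "https" or not target.netloc:
        raise RedirectError("base URL is not an absolute https URL")
    return match[0].base_url

if __name__ == "__main__":
    base = "https://keycloak-server:8080/auth/realms/my-realm/redirect"
    print(resolve_redirect(base))
    print(resolve_redirect(base + "?client_id=billing"))
```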