<div dir="ltr">Hello Stian, Hello Thomas,<div><br></div><div>yes I understand that - and I agree that falling back to the default client in case of a missing client is not a good idea.</div><div><br></div><div>However I think I would be very helpful to be able to initiate a redirect from one client to another client (that is just known by client_id) </div><div>for the use case I outlined above -> e.g. redirecting to a "launchpad" app.</div><div><br></div><div>E.g.:</div><div><div><a href="https://keycloak-server:8080/auth/realms/my-realm/redirect?client_id=my-default-client">https://keycloak-server:8080/auth/realms/my-realm/redirect?client_id=my-default-client</a></div><div>-> would redirect to the my-default-client base url.</div><div><br></div><div><a href="https://keycloak-server:8080/auth/realms/my-realm/redirect">https://keycloak-server:8080/auth/realms/my-realm/redirect</a></div><div>-> would redirect to the client marked as "default"</div></div><div><br></div><div>@Thomas</div><div>Initially I also thought about having a default redirect url per realm but then I thought that simply refering to a client_id and let keycloak redirect the user</div><div>appropriatly would be more flexible, especially because you can then also leverage all the client metadata that is available for a client (name, description etc.).</div><div><br></div><div>Cheers,</div><div>Thomas</div></div><div class="gmail_extra"><br><div class="gmail_quote">2016-02-05 15:03 GMT+01:00 Stian Thorgersen <span dir="ltr"><<a href="mailto:sthorger@redhat.com" target="_blank">sthorger@redhat.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote"><span class="">On 5 February 2016 at 14:55, Thomas Raehalme <span dir="ltr"><<a href="mailto:thomas.raehalme@aitiofinland.com" target="_blank">thomas.raehalme@aitiofinland.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div>Hi!</div><div><br></div><div>How about just a default redirect URL where the user is redirected when it's appropriate to return back to the application?</div><div>The redirection could be immediate or a link on the error view.</div></div></blockquote><div><br></div></span><div>Errors should not be masked and you can already customize the error page to add a link</div><span class=""><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><br></div><div>I think this would help avoid a lot of confusion when Keycloak for a reason or another is not aware of the client and needs to abort the process.</div></div></blockquote><div><br></div></span><div>There are only a few cases where the client isn't known and I don't think this is a good solution for either of those:</div><div><br></div><div>* Admin sends email action to user - a better solution here would be to allow admin to select a client</div><div>* Client session times out and is garbage collected - we could add client uuid to the client session code which would mean it's always available</div><div>* Client is not specified - this is an error in your application and should not just be masked. Solution to make it more friendly is to improve error page</div><div><div class="h5"><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><br></div><div>Best regards,</div><div>Thomas</div><br><div class="gmail_extra"><br><div class="gmail_quote"><div><div>On Fri, Feb 5, 2016 at 3:48 PM, Thomas Darimont <span dir="ltr"><<a href="mailto:thomas.darimont@googlemail.com" target="_blank">thomas.darimont@googlemail.com</a>></span> wrote:<br></div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div><div dir="ltr"><div>Hi group,</div><div><br></div><div>I have multiple realms and a list of clients registered within each realm. For each realm I'd like to configure</div><div>a "default" client that can be used as a redirect fallback if no client or redirect_uri was specified in requests.</div><div><br></div><div>The usecase is to provide some kind of "home" or "launchpad" service where users are redirected to in case</div><div>they don't know or didn't specify where to go.</div><div>The launchpad would then present a "fancy selection" of all the apps (clients) that are available to the current user,</div><div>somewhat comparable to the <a href="https://www.google.de/intl/de/about/products/" target="_blank">https://www.google.de/intl/de/about/products/</a> page.</div><div><br></div><div>Is this already possible or considered as a feature?</div><div><br></div><div>A default "default" client could be the account application.</div><div><br></div><div>A quick hack I could think of would be to define a client with the name "default" (or another well-known name)</div><div>and register a custom endpoint in Keycloak that would accept the client_id as a url parameter and redirect to the</div><div>configured client base url.</div><div><br></div><div>Cheers,</div><div>Thomas</div></div>
<br></div></div>_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br></blockquote></div><br><br>
</div></div>
<br>_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br></blockquote></div></div></div><br></div></div>
</blockquote></div><br></div>