On 3.2.2015 10:15, Stian Thorgersen wrote:
> ----- Original Message -----
>> From: "Marek Posolda" <mposolda(a)redhat.com>
>> To: keycloak-dev(a)lists.jboss.org
>> Sent: Tuesday, 3 February, 2015 10:05:19 AM
>> Subject: [keycloak-dev] Automatic logout from KC admin console for non-authorized users
>>
>> Right now, when a user goes to the Keycloak admin console and he doesn't have
>> access (any admin roles assigned), he is logged out automatically. It's
>> done by the "whoami" endpoint, which returns 401 in this case.
> +1000 Logging-out the user is just plain stupid, can't believe we do that
I've created
https://issues.jboss.org/browse/KEYCLOAK-1025
>> Shouldn't we instead just display some notification like "Forbidden, you
>> don't have access" instead of automatically logging out the user?
>>
>> My point is links between various admin consoles. For example, when a user
>> is logged in to the hawtio admin console and he clicks on a link to the Keycloak admin
>> console. But when he doesn't have access, he is logged out automatically,
>> which does SSO logout and logs him out of hawtio as well. To me it looks
>> like a bit confusing behaviour tbh.
>>
>> Also, do we have a plan to add support for referrer in the KC admin console,
>> similar to what account mgmt has?
> I don't think referrer is the correct approach. What about if we add a feature to
> Keycloak that lets you retrieve all applications a user has access to (where a user has at
> least one role?) and that has a base url configured for it (maybe this should be changed
> to default page). Then we can use this information to add an application switcher to all
> consoles (like Google has, see attachment). This is probably something we should discuss
> with Management .Next guys though ;)
Looks like a great solution from a long-term perspective. It's perhaps
something to discuss with management .next to see if other "product
consoles" are interested in this feature.
+1 There definitely is interest.
Marek
>> Marek
>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev(a)lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-dev