Re: [keycloak-dev] Provide a Link to go Back to The Application on a Timeout
Wouldn't 1) be a good option as browser restarts are the vast majority compared to
history deletion?
Even our very restrictive company directives don't clear the browser history on exit
while messing around
with a lot of my other browser settings...
Best regards,
Sebastian
Mit freundlichen Grüßen / Best regards
Sebastian Schuster
Engineering and Support (INST/ESY1)
Bosch Software Innovations GmbH | Schöneberger Ufer 89-91 | 10785 Berlin | GERMANY |
www.bosch-si.com
Tel. +49 30 726112-485 | Fax +49 30 726112-100 | Sebastian.Schuster(a)bosch-si.com
Sitz: Berlin, Registergericht: Amtsgericht Charlottenburg; HRB 148411 B
Geschäftsführung: Dr.-Ing. Rainer Kallenbach, Michael Hahn
-----Original Message-----
From: keycloak-dev-bounces(a)lists.jboss.org [mailto:keycloak-dev-
bounces(a)lists.jboss.org] On Behalf Of Marek Posolda
Sent: Mittwoch, 17. Mai 2017 11:36
To: keycloak-dev(a)lists.jboss.org
Subject: [keycloak-dev] Provide a Link to go Back to The Application on a Timeout
We have the issue that after session timeout, the page "An error occurred, please
login again through your application." can be shown.
This is even worse when there is no link to go back to the application as users
might be confused what to do. Details in
https://issues.jboss.org/browse/KEYCLOAK-4016 .
This is already handled in many cases as when authentication session is expired, it
is always restarted from the KC_RESTART cookie.
However there are still cases when this error is shown, which is when the restart
from the cookie failed. This can happen when browser history (including cookies)
was cleared or when user restarted the browser (as the KC_RESTART cookie is not
persistent).
Some possibilities to solve:
1) Make the KC_RESTART cookie persistent. That will handle browser restart,
however it won't handle the case when browser history is deleted
2) Add client-id to every link as Stefan Baust suggested. Then we can add the link
to client base uri on the page. This is more work with the possibility of error-prone
if we miss to add the client-id to some link.
Also we will be able to provide the link just if client has "base-uri"
configured.
3) Add the link to the account management application page. After successful
login will be shown list of applications in account management and user can click
to his favourite application. Message would need to be changed to something like
"An error occurred, please login again through your application or go to the
<link>list of applications<link> and select your application after
login."
My preference is 3, 2, 1. WDYT? Any other ideas?
Thanks,
Marek
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev