----- Original Message -----
From: "Marek Posolda" <mposolda(a)redhat.com>
To: keycloak-dev(a)lists.jboss.org
Sent: Tuesday, 3 February, 2015 10:05:19 AM
Subject: [keycloak-dev] Automatic logout from KC admin console for non-authorized users
> Right now, when a user goes to the Keycloak admin console and he doesn't have
> access (no admin roles assigned), he is logged out automatically. It's
> done by the "whoami" endpoint, which returns 401 in this case.

+1000 Logging out the user is just plain stupid, can't believe we do that

> Shouldn't we instead just display some notification like "Forbidden, you
> don't have access" instead of automatically logging out the user?
>
> My point is links between various admin consoles. For example, when a user
> is logged in to the hawtio admin console and he clicks on a link to the Keycloak admin
> console. But when he doesn't have access, he is logged out automatically,
> which does SSO logout and logs him out also from hawtio. To me it looks
> like a bit confusing behaviour tbh.
>
> Also, do we have a plan to add support for referrer in the KC admin console
> similarly to what account mgmt has?

I don't think referrer is the correct approach. What about if we add a feature to
Keycloak that lets you retrieve all applications a user has access to (where a user has at
least one role?) and that has a base url configured for it (maybe this should be changed
to default page). Then we can use this information to add an application switcher to all
consoles (like Google has, see attachment). This is probably something we should discuss
with Management .Next guys though ;)

> Marek
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev