8:15 a.m.
Hello Stian, Hello Thomas,
yes I understand that - and I agree that falling back to the default client
in case of a missing client is not a good idea.
However I think I would be very helpful to be able to initiate a redirect
from one client to another client (that is just known by client_id)
for the use case I outlined above -> e.g. redirecting to a "launchpad" app.
E.g.:
https://keycloak-server:8080/auth/realms/my-realm/redirect?client_id=my-d...
-> would redirect to the my-default-client base url.
https://keycloak-server:8080/auth/realms/my-realm/redirect
-> would redirect to the client marked as "default"
@Thomas
Initially I also thought about having a default redirect url per realm but
then I thought that simply refering to a client_id and let keycloak
redirect the user
appropriatly would be more flexible, especially because you can then also
leverage all the client metadata that is available for a client (name,
description etc.).
Cheers,
Thomas
2016-02-05 15:03 GMT+01:00 Stian Thorgersen <sthorger(a)redhat.com>:
On 5 February 2016 at 14:55, Thomas Raehalme <
thomas.raehalme(a)aitiofinland.com> wrote:
> Hi!
>
> How about just a default redirect URL where the user is redirected when
> it's appropriate to return back to the application?
> The redirection could be immediate or a link on the error view.
>
Errors should not be masked and you can already customize the error page
to add a link
>
> I think this would help avoid a lot of confusion when Keycloak for a
> reason or another is not aware of the client and needs to abort the process.
>
There are only a few cases where the client isn't known and I don't think
this is a good solution for either of those:
* Admin sends email action to user - a better solution here would be to
allow admin to select a client
* Client session times out and is garbage collected - we could add client
uuid to the client session code which would mean it's always available
* Client is not specified - this is an error in your application and
should not just be masked. Solution to make it more friendly is to improve
error page
>
> Best regards,
> Thomas
>
>
> On Fri, Feb 5, 2016 at 3:48 PM, Thomas Darimont <
> thomas.darimont(a)googlemail.com> wrote:
>
>> Hi group,
>>
>> I have multiple realms and a list of clients registered within each
>> realm. For each realm I'd like to configure
>> a "default" client that can be used as a redirect fallback if no
client
>> or redirect_uri was specified in requests.
>>
>> The usecase is to provide some kind of "home" or "launchpad"
service
>> where users are redirected to in case
>> they don't know or didn't specify where to go.
>> The launchpad would then present a "fancy selection" of all the apps
>> (clients) that are available to the current user,
>> somewhat comparable to the https://www.google.de/intl/de/about/products/
>> page.
>>
>> Is this already possible or considered as a feature?
>>
>> A default "default" client could be the account application.
>>
>> A quick hack I could think of would be to define a client with the name
>> "default" (or another well-known name)
>> and register a custom endpoint in Keycloak that would accept the
>> client_id as a url parameter and redirect to the
>> configured client base url.
>>
>> Cheers,
>> Thomas
>>
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user(a)lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>