Hello Stian, Hello Thomas,

yes I understand that - and I agree that falling back to the default client in case of a missing client is not a good idea.

However I think I would be very helpful to be able to initiate a redirect from one client to another client (that is just known by client_id) 
for the use case I outlined above -> e.g. redirecting to a "launchpad" app.

E.g.:
https://keycloak-server:8080/auth/realms/my-realm/redirect?client_id=my-default-client
-> would redirect to the my-default-client base url.

https://keycloak-server:8080/auth/realms/my-realm/redirect
-> would redirect to the client marked as "default"

@Thomas
Initially I also thought about having a default redirect url per realm but then I thought that simply refering to a client_id and let keycloak redirect the user
appropriatly would be more flexible, especially because you can then also leverage all the client metadata that is available for a client (name, description etc.).

Cheers,
Thomas

2016-02-05 15:03 GMT+01:00 Stian Thorgersen <sthorger@redhat.com>:


On 5 February 2016 at 14:55, Thomas Raehalme <thomas.raehalme@aitiofinland.com> wrote:
Hi!

How about just a default redirect URL where the user is redirected when it's appropriate to return back to the application?
The redirection could be immediate or a link on the error view.

Errors should not be masked and you can already customize the error page to add a link
 

I think this would help avoid a lot of confusion when Keycloak for a reason or another is not aware of the client and needs to abort the process.

There are only a few cases where the client isn't known and I don't think this is a good solution for either of those:

* Admin sends email action to user - a better solution here would be to allow admin to select a client
* Client session times out and is garbage collected - we could add client uuid to the client session code which would mean it's always available
* Client is not specified - this is an error in your application and should not just be masked. Solution to make it more friendly is to improve error page
 

Best regards,
Thomas


On Fri, Feb 5, 2016 at 3:48 PM, Thomas Darimont <thomas.darimont@googlemail.com> wrote:
Hi group,

I have multiple realms and a list of clients registered within each realm. For each realm I'd like to configure
a "default" client that can be used as a redirect fallback if no client or redirect_uri was specified in requests.

The usecase is to provide some kind of "home" or "launchpad" service where users are redirected to in case
they don't know or didn't specify where to go.
The launchpad would then present a "fancy selection" of all the apps (clients) that are available to the current user,
somewhat comparable to the https://www.google.de/intl/de/about/products/ page.

Is this already possible or considered as a feature?

A default "default" client could be the account application.

A quick hack I could think of would be to define a client with the name "default" (or another well-known name)
and register a custom endpoint in Keycloak that would accept the client_id as a url parameter and redirect to the
configured client base url.

Cheers,
Thomas

_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user



_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user