Re: [keycloak-user] What is the point of the cancel button on the log-in screen?
We would have to rememer referrer information somehow via the adapter to
know where to redirect to. This cancel redirection URL would be an
extension to OIDC I think and would require to be validated so that we
don't create an open redirector security vulnerabilities. Maybe we
should we just show a Keycloak rendered error page?
On 10/9/2014 12:46 PM, Stan Silvert wrote:
I guess I'm stating the obvious, but the cancel button should
take you
back to where you were before being challenged by the login screen. To
the extent that is possible, the cancel button should stay. We should
never rely on the back button.
I just tried it on our demo and recreated the 400 error. We should fix
this if possible.
On 10/9/2014 12:18 PM, Alarik Myrin wrote:
> At least with the Wildfly adapter, clicking cancel gets you a HTTP 400
> -- Bad Request on your protected resource, and doing something more
> graceful would take some thinking.
>
> It's not clear to me what *should* happen when clicking cancel. Users
> in a browser have a back button, or a button to close the tab, and
> they can always use that to get out of the login screen.
>
> Maybe the cancel button should just be removed?
>
> Alarik
>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com