[keycloak-dev] redirects vs. javascript logins
Stian Thorgersen
stian at redhat.com
Fri Jul 26 05:12:55 EDT 2013
We can still support a similar experience though. With the combination of customizable forms and iframe/popup we can still allow developers to integrate the forms into applications.
----- Original Message -----
> From: "Stian Thorgersen" <stian at redhat.com>
> To: "Bill Burke" <bburke at redhat.com>
> Cc: keycloak-dev at lists.jboss.org
> Sent: Friday, 26 July, 2013 9:48:55 AM
> Subject: Re: [keycloak-dev] redirects vs. javascript logins
>
> Yes, I don't know why I missed that. As you say, login and logout have to be
> done through redirects as long as HttpOnly is set on the cookie.
>
> EventJuggler simply links to the login page, but logout is an XHR and, as you
> say, that would have to be a redirect as well.
>
> ----- Original Message -----
> > From: "Bill Burke" <bburke at redhat.com>
> > To: keycloak-dev at lists.jboss.org
> > Sent: Thursday, 25 July, 2013 5:57:56 PM
> > Subject: [keycloak-dev] redirects vs. javascript logins
> >
> > To do SSO, the Keycloak server sets a session cookie so that the user
> > doesn't have to relogin if the cookie is set. This will have issues
> > with the custom login, like the way the Event Juggler app works.
> > Correct me if I'm wrong, but for Event Juggler, the login page is hosted
> > at the Event Juggler website? And the app would do an HTTP invocation
> > to obtain the token, correct?
> >
> > The problem with this approach is that we wouldn't be able to set the
> > login session cookie as all cookies will be HttpOnly and not accessible
> > via JavaScript (due to security issues). So, SSO would not work, and
> > the user would have to relogin for each additional site they visited.
> > --
> > Bill Burke
> > JBoss, a division of Red Hat
> > http://bill.burkecentral.com
> > _______________________________________________
> > keycloak-dev mailing list
> > keycloak-dev at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-dev
> >