[keycloak-dev] Automatic logout from KC admin console for non-authorized users
Marek Posolda
mposolda at redhat.com
Tue Feb 3 04:05:19 EST 2015
Right now, when a user goes to the Keycloak admin console and he doesn't have
access (any admin roles assigned), he is logged out automatically. It's
done by the "whoami" endpoint, which returns 401 in this case.

Shouldn't we instead just display some notification like "Forbidden, you
don't have access" instead of automatically logging out the user?

My point is links between various admin consoles. For example, when a user
is logged in to the hawtio admin console and he clicks on a link to the Keycloak admin
console. But when he doesn't have access, he is logged out automatically,
which does an SSO logout and logs him out of hawtio as well. To me it looks
like a bit confusing behaviour tbh.

Also, do we have a plan to add support for a referrer in the KC admin console,
similar to what account mgmt has?

Marek