[keycloak-user] Default client for a realm

Stian Thorgersen sthorger at redhat.com
Fri Feb 5 09:03:08 EST 2016


On 5 February 2016 at 14:55, Thomas Raehalme <
thomas.raehalme at aitiofinland.com> wrote:

> Hi!
>
> How about just a default redirect URL where the user is redirected when
> it's appropriate to return back to the application?
> The redirection could be immediate or a link on the error view.
>

Errors should not be masked and you can already customize the error page to
add a link


>
> I think this would help avoid a lot of confusion when Keycloak for a
> reason or another is not aware of the client and needs to abort the process.
>

There are only a few cases where the client isn't known and I don't think
this is a good solution for either of those:

* Admin sends email action to user - a better solution here would be to
allow admin to select a client
* Client session times out and is garbage collected - we could add client
uuid to the client session code which would mean it's always available
* Client is not specified - this is an error in your application and should
not just be masked. Solution to make it more friendly is to improve error
page


>
> Best regards,
> Thomas
>
>
> On Fri, Feb 5, 2016 at 3:48 PM, Thomas Darimont <
> thomas.darimont at googlemail.com> wrote:
>
>> Hi group,
>>
>> I have multiple realms and a list of clients registered within each
>> realm. For each realm I'd like to configure
>> a "default" client that can be used as a redirect fallback if no client
>> or redirect_uri was specified in requests.
>>
>> The usecase is to provide some kind of "home" or "launchpad" service
>> where users are redirected to in case
>> they don't know or didn't specify where to go.
>> The launchpad would then present a "fancy selection" of all the apps
>> (clients) that are available to the current user,
>> somewhat comparable to the https://www.google.de/intl/de/about/products/
>> page.
>>
>> Is this already possible or considered as a feature?
>>
>> A default "default" client could be the account application.
>>
>> A quick hack I could think of would be to define a client with the name
>> "default" (or another well-known name)
>> and register a custom endpoint in Keycloak that would accept the
>> client_id as a url parameter and redirect to the
>> configured client base url.
>>
>> Cheers,
>> Thomas
>>
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160205/79f2fb4f/attachment-0001.html 


More information about the keycloak-user mailing list