
Dynamic Redirection post OIDC Login

0 Kudos

Hi Team,

We have a requirement to use OIDC as the framework for Identity Federation where CDC will act as an Open ID Provider (OP). Also, the requirement mentions that after successful authentication of the user, he/she should be redirected back to the correct sub-page from where the flow was initiated.

As our proposed solution, while making a call to OP Authorization endpoint (then to Proxy page), we are passing the value of redirect URL parameter dynamically and have whitelisted the complete domain in Redirect URL section in the configuration of the RP client.

For eg: Redirect URL section in RP Client config has* added and we are passing to the Proxy page while calling OP Auth endpoint.

However, each time the Proxy page tries to redirect to this dynamic URL, it always moves to the error page saying the URL is not whitelisted. If we whitelist a static URL, and pass it through proxy page then it works as expected.

It seems CDC isn't supporting dynamic redirection after OIDC login, or is there something we are missing here? If the former is the case, could this scenario be accomplished anyhow?

Thanks and Regards,


Accepted Solutions (0)

Answers (3)


Hi Dhruv,

This is part of the OIDC standard, where redirectUrl needs to be an exact string match. This is done as a security precaution to prevent open redirect attack vectors.

If you want to customize the behavior post the redirect, you can use the state parameter to pass data that will be returned after the redirection back to the RP occurs.



Product and Topic Expert
0 Kudos

Hi Dhruv,

Static URL does not mean you cannot implement dynamic behaviors.

For instance, you can put a static redirect URL like "", and implement the /mydirect URL in your backend code, such as a SpringMVC controller or PHP code, and from your backend code you can implement whatever redirecting logic you like.

0 Kudos

Hi Dhruv,

Unfortunately, the Redirect whitelist doesn't support dynamic URLs.

One not-so-elegant workaround could be to store the subpage URL as a cookie value and redirect after the initial OIDC redirect.
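The approach suggested in the answers above (one static, exactly matched redirect URL, with the originating sub-page carried in the `state` parameter and resolved by the RP's backend) can be sketched as follows. This is an added example, not code from the thread or from CDC; the function names, the state format and the per-session nonce are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, secrets
from urllib.parse import urlsplit

# Hypothetical names throughout; STATE_KEY would be a per-deployment secret.
STATE_KEY = secrets.token_bytes(32)
FALLBACK = "/"

def safe_return_path(path):
    """Accept only a same-site absolute path; anything else gets the fallback."""
    if not isinstance(path, str) or not path.startswith("/"):
        return FALLBACK
    # "//host" and "/\host" are treated as other origins by browsers.
    if path.startswith("//") or "\\" in path or any(ord(c) < 0x20 for c in path):
        return FALLBACK
    parts = urlsplit(path)
    if parts.scheme or parts.netloc:
        return FALLBACK
    return path

def _tag(body):
    return hmac.new(STATE_KEY, body.encode(), hashlib.sha256).hexdigest()

def make_state(return_path, session_nonce):
    """Build the state value sent to the OP authorization endpoint."""
    payload = json.dumps({"rt": safe_return_path(return_path), "n": session_nonce})
    body = base64.urlsafe_b64encode(payload.encode()).decode().rstrip("=")
    return f"{body}.{_tag(body)}"

def resolve_state(state, session_nonce):
    """Run by the static callback handler; returns the local path to redirect to."""
    try:
        body, tag = state.split(".", 1)
        if not hmac.compare_digest(tag, _tag(body)):
            return FALLBACK          # state was altered or not issued by this RP
        data = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
        if not hmac.compare_digest(str(data.get("n", "")), session_nonce):
            return FALLBACK          # state belongs to another browser session
        return safe_return_path(data.get("rt"))
    except (ValueError, AttributeError, TypeError):
        return FALLBACK
```

The nonce is assumed to live in the user's server-side session, so a state value minted for one browser cannot be replayed into another, and the final redirect is restricted to a path on the RP's own site.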