
Dynamic Redirection post OIDC Login

dhruv2397
Explorer
0 Kudos

Hi Team,

We have a requirement to use OIDC as the framework for Identity Federation, where CDC will act as an OpenID Provider (OP). Also, the requirement mentions that after successful authentication of the user, he/she should be redirected back to the correct sub-page from where the flow was initiated.

As our proposed solution, while making a call to the OP Authorization endpoint (then to the Proxy page), we are passing the value of the redirect URL parameter dynamically and have whitelisted the complete domain in the Redirect URL section in the configuration of the RP client.

For example: the Redirect URL section in the RP Client config has https://example.com/* added and we are passing https://example.com/products/abcd.html to the Proxy page while calling the OP Auth endpoint.

However, each time the Proxy page tries to redirect to this dynamic URL, it always moves to the error page saying the URL is not whitelisted. If we whitelist a static URL, and pass it through proxy page then it works as expected.

It seems CDC isn't supporting dynamic redirection after OIDC login, or is there something we are missing here? If the former is the case, could this scenario be accomplished anyhow?

Thanks and Regards,

Dhruv

Accepted Solutions (0)

Answers (3)

igal_mi
Participant

Hi Dhruv,

This is part of the OIDC standard, where redirectUrl needs to be an exact string match. This is done as a security precaution to prevent open redirect attack vectors.

If you want to customize the behavior post the redirect, you can use the state parameter to pass data that will be returned after the redirection back to the RP occurs.

Cheers,

Igal

samuelyang
Product and Topic Expert
0 Kudos

Hi Dhruv,

A static URL does not mean you cannot implement dynamic behaviors.

For instance, you can put a static redirect URL like "https://www.mydomain.com/myredirect", and implement the /myredirect URL with your backend code, such as a SpringMVC controller or PHP code, and from your backend code you can implement whatever redirecting logic you like.
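The two suggestions above combine naturally: register one static redirect URL, carry the originating sub-page in `state`, and let the static endpoint pick the final destination. The sketch below is an added example, not part of the original answers and not CDC code. The function names, the HMAC-signed `state` format, the per-session nonce and the fallback page are assumptions.

```python
import base64, hashlib, hmac, json
from urllib.parse import urlsplit

SITE = "https://example.com"   # RP origin, as in the question
DEFAULT_PATH = "/"             # assumed fallback landing page

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _tag(body: str, key: bytes) -> str:
    return _b64(hmac.new(key, body.encode(), hashlib.sha256).digest())

def is_safe_path(path: str) -> bool:
    """Accept only same-site absolute paths such as /products/abcd.html."""
    if not path.startswith("/") or path.startswith("//") or "\\" in path:
        return False                      # rejects //host and /\host forms
    if any(ord(c) < 0x20 for c in path):
        return False                      # no control characters
    parts = urlsplit(path)
    return parts.scheme == "" and parts.netloc == ""

def make_state(return_path: str, session_nonce: str, key: bytes) -> str:
    """Value for the `state` parameter of the authorization request."""
    body = _b64(json.dumps({"n": session_nonce, "p": return_path}).encode())
    return f"{body}.{_tag(body, key)}"

def resolve_redirect(state: str, session_nonce: str, key: bytes) -> str:
    """Run by the static callback: where to send the user after login."""
    fallback = SITE + DEFAULT_PATH
    try:
        body, tag = state.split(".")
        if not hmac.compare_digest(tag.encode(), _tag(body, key).encode()):
            return fallback               # state was not issued by this RP
        data = json.loads(_unb64(body))
        nonce, path = str(data["n"]), str(data["p"])
    except (ValueError, KeyError, TypeError):
        return fallback                   # malformed state
    if not hmac.compare_digest(nonce.encode(), session_nonce.encode()):
        return fallback                   # state belongs to another session
    return SITE + path if is_safe_path(path) else fallback
```

The path check runs even though the state is signed, so a bad value placed into `state` by the RP's own pages still cannot turn the static endpoint into an open redirect.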

former_member629536
Participant
0 Kudos

Hi Dhruv,

Unfortunately, the Redirect whitelist doesn't support dynamic URLs.

One not-so-elegant workaround could be to store the subpage URL as a cookie value and redirect after the initial OIDC redirect.

regards

Ibrahim