Redirect URL Whitelist

Redirect URL Whitelist functionality defines a list of URLs to which user is allowed to be redirected. In case at least one URL pattern is defined in the Onegini IDP admin console and it matches with the URL provided within the incoming request the user will be redirected.

Redirect URL should be provided in the request by the origin query param, example: User will be redirected to the origin (in this case when going to /personal/return-to-origin endpoint ( and in case of log out. Redirect URL should match at least one whitelist entry pattern. If origin URL is not defined as a request parameter, then the user will be redirected to the default origin URL, if one is defined in the admin panel.

When NOT in SAML flow the redirect URL will be used to determine where to redirect after the user has been logged in to the application, by providing return_url parameter in the request, example: The return url should match with at least one whitelist entry pattern defined in the Onegini IDP's admin console. If this parameter is not specified in request or not matching whitelist entry it will be ignored and the user will be redirected to default destination.