Redirect URL Whitelist
What is a Redirect URL?
A Redirect URL is a URL that is used to redirect your domain's visitors to a different URL.
When do I use a Redirect URL?
A Redirect URL is often used to redirect an end-user back to the homepage after a login process. For example, a customer of a webshop visits the webshop, adds something to the cart, logs in and goes through the payment process. To make the payment the end-user is redirected to the website of a bank. After finishing the payment, the end-user is being redirected to the webshops homepage. In this case the webshops homepage is the Redirect URL.
A Redirect URL can also be used to forward an end-user to a web page that is available under more than one URL. For example an end-user that types onegini.net in the browser, is being redirected to onegini.com.
What is a Redirect URL Whitelist?
A Redirect URL Whitelist is a list of URLs to which an end-user is allowed to be redirected.
To add a Redirect URL to the Redirect url Whitelist go to Onegini Customer Identity Access Manager > Configuration > General information.
In the section General Config, URLs to redirect the end-user can be defined. In the Redirect url whitelist section validation rules can be defined against which a return_url will be validated.
In the section General Config, the following fields can be filled in:
| Field | Description |
|---|---|
| Redirect to URL after login | Defines an URL to a default weppage after the end-user has been logged in. |
| Redirect to URL after logout | Defines an URL to a default webpage after the end-user has been logged out. |
| Redirect to URL after sign-up | Defines an URL to a default webpage after the end-user has been signed up. |
| Redirect to URL after activation | Defines an URL to a default webpage after the end-user has activated her or his account. |
In the section Redirect url whitelist, the following fields can be filled in:
| Field | Description |
|---|---|
| Default Origin URL | Defines a default URL to which an end-user will be redirected when no 'origin' parameter is defined. |
| Redirect URL or regular expression pattern | Defines a list of URLs against which a 'return_url' or 'origin' parameter should be validated. Regular expressions are allowed. |
How does a Redirect URL work?
To demonstrate how a Redirect URL works in a SAML flow, read the following step-by-step example:
- A Redirect URL should be provided in the request by an
originquery parameter. - This request could look like this
http://dev.onegini.me:8181/personal/dashboard?origin=http://origin.example.com. In this request the Redirect URL ishttp://origin.example.com. - The end-user will be redirected to the origin URL (
http://origin.example.com), as soon as he or she navigates to the endpoint/personal/return-to-origin(http://dev.onegini.me:8181/personal/return-to-origin) or as soon as he or she logs out. - The Redirect URL should match at least one Redirect URL that is defined in the Redirect URL Whitelist in the Onegini Customer Identity Access Manager.
Note: If there is no Redirect URL defined in the Redirect URL Whitelist the end-user will be redirected to the default origin URL. If no default origin URL is defined the end-user will end up on first page that he or she visited. In this example http://dev.onegini.me:8181/personal/dashboard.
Flows to use a Redirect URL
There are different flows or user cases in which you can use a Redirect URL. Take a look at the table below.
| Flow | Description |
|---|---|
| Any attribute update on the dashboard | A user can change a password or update mobile number. |
| Action tokens | After a user has been logged in, or any action token action has been executed, it is possible to redirect a user to a concrete url. |
| User login | A user is redirected to the CIMs login page and the redirect url redirects the user to the client’s page. |
| Invite complete | A user is redirected to the return_url after finishing the invitation flow. |
| Log out | A user is redirected to a return_url after being logged out. |
Retrieving status after operation ended
When operation of updating attribute ended in a redirect to specified url, the status of this operation can be retrieved. A query param is added to redirect url named operationStatusId which contains id of the status.
The details of how to get the status can be found in the Operations API.