Redirect URL Whitelist
What is a Redirect URL?
A Redirect URL is a URL that is used to redirect your domain's visitors to a different URL.
When do I use a Redirect URL?
A Redirect URL is often used to redirect an end-user back to the homepage after a login process. For example, a customer of a webshop visits the webshop, adds something to the cart, logs in and goes through the payment process. To make the payment, the end-user is redirected to the website of a bank. After finishing the payment, the end-user is redirected to the webshop's homepage. In this case the webshop's homepage is the Redirect URL.
A Redirect URL can also be used to forward an end-user to a web page that is available under more than one URL. For example, an end-user who types onegini.net in the browser is redirected to onegini.com.
What is a Redirect URL Whitelist?
A Redirect URL Whitelist is a list of URLs to which an end-user is allowed to be redirected.
To add a Redirect URL to the Redirect URL Whitelist go to Onegini Customer Identity Access Manager >
In the section General Config, URLs to redirect the end-user can be defined. In the Redirect url whitelist section, validation rules can be defined against which a return_url will be validated.
In the section General Config, the following fields can be filled in:
|Field|Description|
|---|---|
|Redirect to URL after login|Defines a URL to a default webpage after the end-user has been logged in.|
|Redirect to URL after logout|Defines a URL to a default webpage after the end-user has been logged out.|
|Redirect to URL after sign-up|Defines a URL to a default webpage after the end-user has been signed up.|
|Redirect to URL after activation|Defines a URL to a default webpage after the end-user has activated her or his account.|
In the section Redirect url whitelist, the following fields can be filled in:
|Field|Description|
|---|---|
|Default Origin URL|Defines a default URL to which an end-user will be redirected when no 'origin' parameter is defined.|
|Redirect URL or regular expression pattern|Defines a list of URLs against which a 'return_url' or 'origin' parameter should be validated. Regular expressions are allowed.|
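The whitelist check and default-origin fallback described above, as an added example (not Onegini code), including a way to review a regular expression entry before saving it. It assumes patterns are matched against the whole URL and that a non-matching origin falls back to the default; the patterns, hosts and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed values for illustration; none come from the product.
DEFAULT_ORIGIN = "http://www.example.com/"      # plays the "Default Origin URL"
LOOSE = r"https?://.*\.example\.com.*"          # '.*' can run past the host part
STRICT = r"https?://[a-z0-9-]+\.example\.com(/[A-Za-z0-9/_.-]*)?"
CANDIDATES = [
    "http://origin.example.com",                # the intended origin
    "http://other.test/?x=.example.com",        # host is other.test
    "http://origin.example.com.other.test/",    # whitelisted name used as a prefix
    "http://origin.example.com@other.test/",    # whitelisted name in the userinfo part
]


def audit(pattern, candidates=CANDIDATES):
    """Return the candidate URLs that one whitelist pattern accepts."""
    return [u for u in candidates if re.fullmatch(pattern, u)]


def resolve_redirect(origin, patterns, default=DEFAULT_ORIGIN):
    """Return origin if it is a plain http(s) URL matching the whitelist, else default."""
    if not origin:
        return default                          # no 'origin' parameter supplied
    try:
        parts = urlsplit(origin)
    except ValueError:                          # malformed URL, e.g. a broken IPv6 host
        return default
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return default
    if parts.username is not None:              # never redirect to user@host URLs
        return default
    # Assumed semantics: the pattern must match the whole URL, not a substring.
    if any(re.fullmatch(p, origin) for p in patterns):
        return origin
    return default


if __name__ == "__main__":
    print("loose pattern accepts: ", audit(LOOSE))
    print("strict pattern accepts:", audit(STRICT))
    print(resolve_redirect("http://other.test/?x=.example.com", [STRICT]))
```

The loose pattern accepts every candidate, while the strict one accepts only the intended origin because the host and path are restricted to explicit character classes.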
How does a Redirect URL work?
To demonstrate how a Redirect URL works in a SAML flow, read the following step-by-step example:
- A Redirect URL should be provided in the request by an
- This request could look like this: http://dev.onegini.me:8181/personal/dashboard?origin=http://origin.example.com. In this request the Redirect URL is
- The end-user will be redirected to the origin URL (http://origin.example.com) as soon as he or she navigates to the endpoint (http://dev.onegini.me:8181/personal/return-to-origin) or as soon as he or she logs out.
- The Redirect URL should match at least one Redirect URL that is defined in the Redirect URL Whitelist in the Onegini Customer Identity Access Manager.
If there is no Redirect URL defined in the Redirect URL Whitelist, the end-user will be redirected to the default origin URL. If no default origin URL is defined, the end-user will end up on the first page that he or she visited. In this example
Flows to use a Redirect URL
There are different flows or use cases in which you can use a Redirect URL. Take a look at the table below.
|Flow|Description|
|---|---|
|Any attribute update on the dashboard|A user can change a password or update a mobile number.|
|Action tokens|After a user has been logged in, or any action token action has been executed, it is possible to redirect a user to a specific URL.|
|User login|A user is redirected to the CIM's login page and the redirect URL redirects the user to the client's page.|
|Invite complete|A user is redirected to the return_url after finishing the invitation flow.|
|Log out|A user is redirected to a return_url after being logged out.|
Retrieving status after operation ended
When an attribute update operation ends in a redirect to the specified URL, the status of this operation can be retrieved. A query parameter named operationStatusId, which contains the ID of the status, is added to the redirect URL.
The details of how to get the status can be found in the Operations API.