Redirect URL Whitelist
What is a Redirect URL?
A Redirect URL is a URL that is used to redirect your domain's visitors to a different URL.
When do I use a Redirect URL?
A Redirect URL is often used to redirect an end-user back to the homepage after a login process. For example, a customer of a webshop visits the webshop, adds something to the cart, logs in and goes through the payment process. To make the payment the end-user is redirected to the website of a bank. After finishing the payment, the end-user is being redirected to the webshops homepage. In this case the webshops homepage is the Redirect URL.
A Redirect URL can also be used to forward an end-user to a web page that is available under more than one URL. For example an end-user that types onegini.net in the browser, is being redirected to onegini.com.
What is a Redirect URL Whitelist?
A Redirect URL Whitelist is a list of URLs to which an end-user is allowed to be redirected.
To add a Redirect URL to the Redirect url Whitelist go to
Onegini Customer Identity Access Manager >
In the section
General Config, URLs to redirect the end-user can be defined. In the
Redirect url whitelist section validation rules can be defined against which a
return_url will be validated.
In the section
General Config, the following fields can be filled in:
|Redirect to URL after login||Defines an URL to a default weppage after the end-user has been logged in.|
|Redirect to URL after logout||Defines an URL to a default webpage after the end-user has been logged out.|
|Redirect to URL after sign-up||Defines an URL to a default webpage after the end-user has been signed up.|
|Redirect to URL after activation||Defines an URL to a default webpage after the end-user has activated her or his account.|
In the section
Redirect url whitelist, the following fields can be filled in:
|Default Origin URL||Defines a default URL to which an end-user will be redirected when no 'origin' parameter is defined.|
|Redirect URL or regular expression pattern||Defines a list of URLs against which a 'return_url' or 'origin' parameter should be validated. Regular expressions are allowed.|
How does a Redirect URL work?
To demonstrate how a Redirect URL works in a SAML flow, read the following step-by-step example:
- A Redirect URL should be provided in the request by an
- This request could look like this
http://dev.onegini.me:8181/personal/dashboard?origin=http://origin.example.com. In this request the Redirect URL is
- The end-user will be redirected to the origin URL (
http://origin.example.com), as soon as he or she navigates to the endpoint
http://dev.onegini.me:8181/personal/return-to-origin) or as soon as he or she logs out.
- The Redirect URL should match at least one Redirect URL that is defined in the Redirect URL Whitelist in the Onegini Customer Identity Access Manager.
Note: If there is no Redirect URL defined in the Redirect URL Whitelist the end-user will be redirected to the default origin URL. If no default origin URL is defined the end-user will end up on first page that he or she visited. In this example
Flows to use a Redirect URL
There are different flows or user cases in which you can use a Redirect URL. Take a look at the table below.
|Any attribute update on the dashboard||A user can change a password or update mobile number.|
|Action tokens||After a user has been logged in, or any action token action has been executed, it is possible to redirect a user to a concrete url.|
|User login||A user is redirected to the CIMs login page and the redirect url redirects the user to the client’s page.|
|Invite complete||A user is redirected to the return_url after finishing the invitation flow.|
|Log out||A user is redirected to a return_url after being logged out.|
Retrieving status after operation ended
When operation of updating attribute ended in a redirect to specified url, the status of this operation can be retrieved. A query param is added to redirect url named
operationStatusId which contains id of the status.
The details of how to get the status can be found in the Operations API.