Direct login to Keycloak as admin / normal user

Hello,

on our Keycloak instance, we have users with role admin as well as “normal” users not allowed to access the realm configuration dialogs.

If a user without an admin role logs in directly, the admin UI with status 403 is shown.
Is there a way to send these users directly to the account management for managing their own account instead of to the admin UI?

Currently we solved this task by adjusting the UI and redirecting the user in case of an error, but I hope there is a cleaner way to go.

Thank you very much for your help!

The admin UI is actually just an application that itself uses Keycloak to log in. The account management is another app.

Also, you have a special realm, called master, whose admin console can see the other realms beyond itself.

But you also have the https://myserver.org/admin/<realmname>/console which is the admin console for only the realmname realm.

Unfortunately, there is no way to automatically redirect users from the admin (master or not) console to the account management app.

What you can do is to give users only the account management URL, which is https://myserver.org/realms/<realmname>/account/, and only give the console URL to admin users.

You can also create an intermediate page somewhere (in your app, maybe?) with a link to both the admin console and the account console and let users choose there.

OIDC is all about “client-initiated something”.
You don’t have anything like a “direct login”, that’s only possible with SAML, as SAML also supports an IdP-initiated authentication.

In OIDC you always start the authentication at a client (application), which then redirects to the IdP login process. After successful authentication, the user will be redirected back to the client and it’s the responsibility of the client to decide what to do in which way.

The admin-ui is one client, the account-console is another client. If the clients don’t have anything implemented that would work as an automatic redirect to another client, your requirement won’t work.
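
The intermediate-page idea from the two answers above, sketched as an added example that is not part of the original thread or of Keycloak itself: a hypothetical portal client reads the roles in its own access token and picks the console to send the user to. It assumes admins hold the `realm-admin` role of the `realm-management` client, that the portal client's token includes those client roles, and that the token was already validated by the portal's OIDC library; all function names are illustrative.

```javascript
// Added example, not from the thread. BASE is the thread's placeholder host.
const BASE = "https://myserver.org";
// Assumption: admins hold this role of Keycloak's "realm-management" client.
const ADMIN_CLIENT = "realm-management";
const ADMIN_ROLE = "realm-admin";

// Read the payload segment of a compact JWT. No signature check is done here:
// the portal's OIDC library is assumed to have validated the token already.
function decodeClaims(jwt) {
  const parts = String(jwt).split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT");
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

// Keycloak lists client roles under resource_access.<clientId>.roles.
function isRealmAdmin(claims) {
  const roles = claims?.resource_access?.[ADMIN_CLIENT]?.roles;
  return Array.isArray(roles) && roles.includes(ADMIN_ROLE);
}

// Pick the landing URL; anything malformed falls back to the account console.
function landingUrl(jwt, realm) {
  let claims = null;
  try {
    claims = decodeClaims(jwt);
  } catch {
    claims = null;
  }
  const r = encodeURIComponent(realm);
  return isRealmAdmin(claims)
    ? `${BASE}/admin/${r}/console`
    : `${BASE}/realms/${r}/account/`;
}

// Constructed, unsigned sample token for trying the function offline.
function sampleToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "none" })}.${enc(claims)}.`;
}
```

This routing is only a convenience: the admin console still makes its own authorization decision, which is the 403 described in the question, so a wrong guess here costs a click and grants nothing.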

Hey guys,

thank you very much for your answers and the clarification!
With this food for thought, we are sure to find a workable solution.

Best regards
Daniel