
is there a way to add additional query string parameters to the response like clientid apart from signin?

Open chandy02 opened this issue 10 years ago • 11 comments

I was wondering if there is a way to pass the clientid also as a querystring parameter along with signin. We have multiple internal clients/websites that go with identity server, which all have only the signin parameter. If the end user decides to bookmark this login page on the identityserver, then it becomes difficult for the user to click the bookmark once the cookie has expired or been deleted, as the response simply has the signin and no other way to redirect to the login page, and redirects them to the error page as it does not know the clientid. If there is a way to pass the clientid to the response string, it will be easier for me to internally redirect it to the correct login page based on the clientid on the response.

chandy02 avatar Jun 05 '15 17:06 chandy02

See the InvalidSignInRedirectUrl setting: https://identityserver.github.io/Documentation/docs/configuration/authenticationOptions.html

Also, you can't really do an IdP-initiated signin in OIDC. The client needs to have a launch page for that. Your redirect can do whatever it wants.

brockallen avatar Jun 05 '15 17:06 brockallen

In this case the cookies have been deleted and all the sites will redirect to the login page in an Admin website we maintain. The users see the URL as http://xxx.yyy.com/login?signin=41f8... and they usually bookmark it. If the cookie expires/gets deleted, it redirects us to the InvalidSignInRedirectUrl (error page). But since there is no cookie and we do not know the client, the Admin Website does not know the baseurl of the client login page to redirect to. If the response can be of the form http://admin.yyy.com/login?signin=41f8fgfffdf&clientid=xyz then we can redirect them to the default URL of clientid xyz, which in turn would create a new cookie and redirect them to the Admin website to validate credentials http://admin.yyy.com/login?signin=41f8fgfffdf&clientid=xyz.

chandy02 avatar Jun 05 '15 18:06 chandy02

We can discuss to see if there are any security concerns.

brockallen avatar Jun 05 '15 23:06 brockallen
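
An added example, not part of the thread and not IdentityServer3 code: one way the page behind InvalidSignInRedirectUrl could use a `clientid` hint of the form proposed above without becoming an open redirect. The `clientid` parameter is the hypothetical one requested in this issue; the registry entries and URLs are constructed.

```csharp
using System;
using System.Collections.Generic;

public static class BookmarkedLoginRedirect
{
    // Server-side registry: client id -> launch page that starts a fresh
    // authorization request. Only these URLs can ever be returned.
    static readonly Dictionary<string, Uri> LaunchPages =
        new Dictionary<string, Uri>(StringComparer.Ordinal)
        {
            { "xyz", new Uri("https://xyz.example.com/") },
            { "reports", new Uri("https://reports.example.com/") }
        };

    static readonly Uri ErrorPage = new Uri("https://admin.example.com/error");

    // Resolves the redirect target for a bookmarked login URL whose signin
    // value is no longer valid. The stale signin value is deliberately dropped.
    public static Uri Resolve(Uri bookmarked)
    {
        string clientId = null;
        var pairs = bookmarked.Query.TrimStart('?')
            .Split(new[] { '&' }, StringSplitOptions.RemoveEmptyEntries);
        foreach (var pair in pairs)
        {
            var parts = pair.Split(new[] { '=' }, 2);
            if (Uri.UnescapeDataString(parts[0]) != "clientid") continue;
            // Two clientid values are ambiguous (parameter pollution): refuse.
            if (clientId != null) return ErrorPage;
            clientId = parts.Length == 2 ? Uri.UnescapeDataString(parts[1]) : "";
        }

        Uri target;
        // The untrusted hint is only a lookup key; it is never parsed as a
        // URL or concatenated into one, so it cannot steer the redirect.
        if (!string.IsNullOrEmpty(clientId) && LaunchPages.TryGetValue(clientId, out target))
            return target;
        return ErrorPage;
    }

    public static void Main()
    {
        var b = "https://admin.example.com/login?signin=0000"; // constructed samples
        Console.WriteLine(Resolve(new Uri(b + "&clientid=xyz")));   // registered launch page
        Console.WriteLine(Resolve(new Uri(b + "&clientid=https%3A%2F%2Fother.example.net"))); // error page
        Console.WriteLine(Resolve(new Uri(b + "&clientid=xyz&clientid=reports")));            // error page
        Console.WriteLine(Resolve(new Uri(b)));                     // error page
    }
}
```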

I think I have the same problem when resetting the password. We'd like to redirect the user back to the same client. Not sure how to do that smoothly without including a redirect url in the query string

henninga avatar Aug 25 '15 09:08 henninga

discuss? close? todo?

leastprivilege avatar Sep 09 '15 05:09 leastprivilege

Well, when we do our 2.1 planning we can discuss.

brockallen avatar Sep 09 '15 15:09 brockallen

I have a question not related to the above thread, but I would appreciate it if I get an answer to it here. I have my custom _login.html and on there I have embedded the LoginPageLink for forget password. What I need to do is pass the {model.username} (which is the textbox value) in the querystring to the page the forgetPassword link is redirecting to.

As per standards, I am setting the LoginPageLink property on startUp. Is it possible, or should I try something else?

Thanks

rgahunia avatar Nov 13 '15 15:11 rgahunia

Hi, I can see that this request is still in the backlog and I couldn't find any details about anything similar. Were there any changes for the last year for determining where the user should be redirected to?

The problem is still with bookmarks. I found that InvalidSignInRedirectUrl is recommended to be used in this case, but I can't create a page with the list of all our applications because of security reasons. So, it would be great if, after understanding that the signin key is invalid, I could still send the user back to the right application.

Has anyone managed to do this?

Thanks.

hubaksis avatar Jul 26 '16 22:07 hubaksis

I'm interested in this, too. Any update on how to pass some additional information when redirecting to the login? In our case we want to pass an invitation ID which will be used, if the user registers a new account on the IdSrv pages.

olee avatar Sep 27 '16 08:09 olee

I am also interested in this topic.

I have a slightly different use case, though: when a new user signs up, they receive an email that contains an activation link. Clicking this link will send them to a page that lets them set a password for the new account. From there, they are redirected to the protected site, which will revoke them, because they are not yet authenticated. This is where they are redirected to the login page, and I would like to add an extra parameter to the URL, in order to display a message, stating that their "account is now active and the password has been set. Welcome, yada, yada, yada, please log in below:".

Obviously, this message should only appear for brand new accounts (that is, an account that has no data in the userlogins-table, for example).

(If anyone has a better idea on how to do this beside sneaking in an extra query string parameter, I would like some pointers.)

Nathzukie avatar Sep 29 '16 13:09 Nathzukie

Hello there, are there any updates about this situation? Because I want to create an additional forgot password link on the login screen and send a login link to my users. In this case I need a client id parameter to get the login URL for this client from the db, because I have multiple clients to log in to.

Or can I get client id information in the signin parameter?

Thank you..

fatihbati avatar Jun 06 '17 13:06 fatihbati