diff --git a/keystone/exception.py b/keystone/exception.py
index 43e55beb97..82415fa953 100644
--- a/keystone/exception.py
+++ b/keystone/exception.py
@@ -755,3 +755,20 @@ class OAuth2OtherError(OAuth2Error):
     def __init__(self, code, title, message):
         error_title = 'other_error'
         super().__init__(code, title, error_title, message)
+
+
+class RedirectRequired(Exception):
+    """Error class for redirection.
+
+    Child classes should define an HTTP redirect url
+    message_format.
+
+    """
+
+    redirect_url = None
+    code = http.client.FOUND
+
+    def __init__(self, redirect_url, **kwargs):
+        self.redirect_url = redirect_url
+
+        super(RedirectRequired, self).__init__(**kwargs)
diff --git a/keystone/server/flask/application.py b/keystone/server/flask/application.py
index 5c4c0b0658..7ab8fbf193 100644
--- a/keystone/server/flask/application.py
+++ b/keystone/server/flask/application.py
@@ -78,6 +78,9 @@ def _handle_keystone_exception(error):
     elif isinstance(error, exception.OAuth2Error):
         return oauth2_handlers.build_response(error)
 
+    if isinstance(error, exception.RedirectRequired):
+        return flask.redirect(error.redirect_url)
+
     # Handle logging
     if isinstance(error, exception.Unauthorized):
         LOG.warning(