New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

oxTrust Needs To Register A Front Channel Logout URI #1305

Closed
afroDC opened this Issue Oct 22, 2018 · 3 comments

Comments

Projects
None yet
3 participants
@afroDC

afroDC commented Oct 22, 2018

oxTrust does not have a registered Front Channel Logout URI, and therefore would be unable to logout properly if the logout session is initiated by another client.

@afroDC afroDC added the bug label Oct 22, 2018

@afroDC afroDC added this to the 3.1.5 milestone Oct 22, 2018

@yurem

This comment has been minimized.

Contributor

yurem commented Nov 29, 2018

@afroDC can you add test flow to this issue?

@afroDC

This comment has been minimized.

afroDC commented Dec 6, 2018

We just need to add oxAuthLogoutURI to the oxTrust Admin GUI entry in /install/community-edition-setup/templates/clients.ldif. It should look like:

#########################
# OX Clients Definition
#########################

dn: inum=%(oxauth_client_id)s,ou=clients,o=%(inumOrg)s,o=gluu
objectClass: oxAuthClient
objectClass: top
displayName: oxTrust Admin GUI
inum: %(oxauth_client_id)s
oxAuthClientSecret: %(oxauthClient_encoded_pw)s
oxAuthAppType: web
oxAuthResponseType: code
oxAuthGrantType: authorization_code
oxAuthGrantType: implicit
oxAuthGrantType: refresh_token
oxAuthScope: inum=%(inumOrg)s!0009!F0C4,ou=scopes,o=%(inumOrg)s,o=gluu
oxAuthScope: inum=%(inumOrg)s!0009!10B2,ou=scopes,o=%(inumOrg)s,o=gluu
oxAuthScope: inum=%(inumOrg)s!0009!764C,ou=scopes,o=%(inumOrg)s,o=gluu
oxAuthLogoutURI:  https://%(hostname)s/identity/logout
oxAuthRedirectURI: https://%(hostname)s/identity/scim/auth
oxAuthRedirectURI: https://%(hostname)s/identity/authentication/authcode
oxAuthRedirectURI: https://%(hostname)s/identity/authentication/getauthcode
oxAuthRedirectURI: https://%(hostname)s/cas/login
oxAuthRedirectURI: https://%(hostname)s/oxauth/restv1/uma/gather_claims?authentication=true
oxClaimRedirectURI: https://%(hostname)s/oxauth/restv1/uma/gather_claims
oxAuthPostLogoutRedirectURI: https://%(hostname)s/identity/authentication/finishlogout
oxAuthTokenEndpointAuthMethod: client_secret_basic
oxAuthIdTokenSignedResponseAlg: HS256
oxAuthTrustedClient: true
oxAuthSubjectType: public
oxPersistClientAuthorizations: false
oxAuthLogoutSessionRequired: true

This will give the oxTrust client a default Front Channel Logout URI.

@syntrydy syntrydy self-assigned this Dec 6, 2018

@syntrydy

This comment has been minimized.

Contributor

syntrydy commented Dec 7, 2018

@syntrydy syntrydy closed this Dec 7, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment