From a07f691ce5afd3ec43b0cba8601f3424a05e3dbc Mon Sep 17 00:00:00 2001
From: k----n
Date: Wed, 21 Apr 2021 11:43:12 -0600
Subject: [PATCH] Fixed logout for okta

---
 .../impl/OpenIDAuthenticationBackend.java | 30 +++++++++++++++++--
 1 file changed, 27 insertions(+), 3 deletions(-)

diff --git a/src/main/java/eu/openanalytics/containerproxy/auth/impl/OpenIDAuthenticationBackend.java b/src/main/java/eu/openanalytics/containerproxy/auth/impl/OpenIDAuthenticationBackend.java
index a00c6526..0d21c57a 100644
--- a/src/main/java/eu/openanalytics/containerproxy/auth/impl/OpenIDAuthenticationBackend.java
+++ b/src/main/java/eu/openanalytics/containerproxy/auth/impl/OpenIDAuthenticationBackend.java
@@ -141,10 +141,34 @@ public String getLoginRedirectURI() {
 + OAuth2AuthorizationRequestRedirectFilter.DEFAULT_AUTHORIZATION_REQUEST_BASE_URI + "/" + REG_ID;
 }
-
+
+ private String getIdToken() {
+ Authentication auth = SecurityContextHolder.getContext().getAuthentication();
+ if (auth == null) return "";
+
+ OidcUser user = (OidcUser) auth.getPrincipal();
+ return user.getIdToken().getTokenValue();
+ }
+
 @Override
- public String getLogoutSuccessURL() {
+ public String getLogoutURL() {
 String logoutURL = environment.getProperty("proxy.openid.logout-url");
+ String providerLogoutURL = environment.getProperty("proxy.openid.provider-logout-url");
+ String provider = environment.getProperty("proxy.openid.provider");
+
+ if (providerLogoutURL == null || providerLogoutURL.trim().isEmpty()) {
+ return "/logout";
+ } else if (provider.trim().equals("okta")) {
+ providerLogoutURL += "?id_token_hint=" + getIdToken();
+ providerLogoutURL += "&post_logout_redirect_uri=" + logoutURL;
+ }
+
+ return providerLogoutURL;
+ }
+
+ @Override
+ public String getLogoutSuccessURL() {
+ String logoutURL = environment.getProperty("proxy.openid.logout-success-url");
 if (logoutURL == null || logoutURL.trim().isEmpty())
 logoutURL = IAuthenticationBackend.super.getLogoutSuccessURL();
 return logoutURL;
 }
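Review bot: In the new `getLogoutURL`, `provider.trim()` throws a NullPointerException whenever `proxy.openid.provider-logout-url` is set but `proxy.openid.provider` is not, and the `else if` branch appends `logoutURL` to the query string without URL-encoding, so a redirect URL containing `&` is split into separate parameters at the provider and an unset `proxy.openid.logout-url` is sent as the literal text "null". `getIdToken` has the same fragility: the unchecked cast `(OidcUser) auth.getPrincipal()` fails with a ClassCastException for a non-OIDC principal (an anonymous authentication carries a String principal), which would break logout instead of merely omitting the hint. The property handling also looks like a configuration-compatibility change — the success URL now comes from the new `proxy.openid.logout-success-url`, while `proxy.openid.logout-url` previously fed `getLogoutSuccessURL` and now becomes the post-logout redirect; if that is intended it deserves a line in the commit message or the settings documentation. The rewrite below guards both nulls, skips the redirect parameter when it is unconfigured, and encodes the values with `URLEncoder` (`java.net.URLEncoder` and `java.nio.charset.StandardCharsets` need importing; on a Java 8 build use the `"UTF-8"` overload); the enclosing class starts and ends outside the hunk.

```java
private String getIdToken() {
    Authentication auth = SecurityContextHolder.getContext().getAuthentication();
    // No hint when there is no session or the principal is not an OIDC user (e.g. anonymous).
    if (auth == null || !(auth.getPrincipal() instanceof OidcUser)) return "";
    return ((OidcUser) auth.getPrincipal()).getIdToken().getTokenValue();
}

// … unchanged: getLogoutURL property lookups and the "/logout" fallback …
} else if (provider != null && provider.trim().equals("okta")) {
    // Both values travel as query parameters; encode them so delimiters in the redirect URL survive.
    providerLogoutURL += "?id_token_hint=" + URLEncoder.encode(getIdToken(), StandardCharsets.UTF_8);
    if (logoutURL != null) {
        providerLogoutURL += "&post_logout_redirect_uri=" + URLEncoder.encode(logoutURL, StandardCharsets.UTF_8);
    }
}
// … unchanged: return providerLogoutURL …
```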
@@ -172,7 +196,7 @@ protected ClientRegistrationRepository createClientRepo() {
 if (scope == null) break;
 else scopes.add(scope);
 }
-
+
 ClientRegistration client = ClientRegistration.withRegistrationId(REG_ID)
 .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
 .clientName(REG_ID)