Skip to content

Commit

Permalink
[backend] Add remote logout_remote value to openId options (#7766)
Browse files Browse the repository at this point in the history
  • Loading branch information
aHenryJard authored Sep 27, 2024
1 parent f31ec39 commit a8de5b5
Show file tree
Hide file tree
Showing 2 changed files with 4 additions and 1 deletion.
3 changes: 2 additions & 1 deletion opencti-platform/opencti-graphql/src/config/providers.js
Original file line number Diff line number Diff line change
Expand Up @@ -317,7 +317,7 @@ for (let i = 0; i < providerKeys.length; i += 1) {
}
// endregion
const openIdScope = R.uniq(openIdScopes).join(' ');
const options = { client, passReqToCallback: true, params: { scope: openIdScope } };
const options = { logout_remote: mappedConfig.logout_remote, client, passReqToCallback: true, params: { scope: openIdScope } };
const debugCallback = (message, meta) => logApp.info(message, meta);
const openIDStrategy = new OpenIDStrategy(options, debugCallback, (_, tokenset, userinfo, done) => {
logApp.info('[OPENID] Successfully logged', { userinfo });
Expand Down Expand Up @@ -386,6 +386,7 @@ for (let i = 0; i < providerKeys.length; i += 1) {
openIDStrategy.logout = (_, callback) => {
const isSpecificUri = isNotEmptyField(config.logout_callback_url);
const endpointUri = issuer.end_session_endpoint ? issuer.end_session_endpoint : `${config.issuer}/oidc/logout`;
logApp.debug(`[OPENID] logout configuration, isSpecificUri:${isSpecificUri}, issuer.end_session_endpoint:${issuer.end_session_endpoint}, final endpointUri: ${endpointUri}`);
if (isSpecificUri) {
const logoutUri = `${endpointUri}?post_logout_redirect_uri=${config.logout_callback_url}`;
callback(null, logoutUri);
Expand Down
2 changes: 2 additions & 0 deletions opencti-platform/opencti-graphql/src/http/httpPlatform.js
Original file line number Diff line number Diff line change
Expand Up @@ -361,6 +361,7 @@ const createApp = async (app) => {
const strategy = passport._strategy(provider);
if (strategy) {
if (strategy.logout_remote === true && strategy.logout) {
logApp.debug('Logout: requesting remote logout using authentication strategy parameters.');
req.user = user; // Needed for passport
strategy.logout(req, (error, request) => {
if (error) {
Expand All @@ -371,6 +372,7 @@ const createApp = async (app) => {
}
});
} else {
logApp.debug('Logout: OpenCTI logout only, remote logout on IDP not requested.');
res.redirect(referer);
}
} else {
Expand Down

0 comments on commit a8de5b5

Please sign in to comment.