parent
d55d110ff9
commit
fa383bf76c
4 changed files with 28 additions and 1 deletions
|
@ -104,6 +104,7 @@ public class OIDCLoginProtocolFactory extends AbstractLoginProtocolFactory {
|
||||||
public static final String ROLES_SCOPE_CONSENT_TEXT = "${rolesScopeConsentText}";
|
public static final String ROLES_SCOPE_CONSENT_TEXT = "${rolesScopeConsentText}";
|
||||||
|
|
||||||
public static final String CONFIG_LEGACY_LOGOUT_REDIRECT_URI = "legacy-logout-redirect-uri";
|
public static final String CONFIG_LEGACY_LOGOUT_REDIRECT_URI = "legacy-logout-redirect-uri";
|
||||||
|
public static final String SUPPRESS_LOGOUT_CONFIRMATION_SCREEN = "suppress-logout-confirmation-screen";
|
||||||
|
|
||||||
private OIDCProviderConfig providerConfig;
|
private OIDCProviderConfig providerConfig;
|
||||||
|
|
||||||
|
@ -113,6 +114,9 @@ public class OIDCLoginProtocolFactory extends AbstractLoginProtocolFactory {
|
||||||
if (providerConfig.isLegacyLogoutRedirectUri()) {
|
if (providerConfig.isLegacyLogoutRedirectUri()) {
|
||||||
logger.warnf("Deprecated switch '%s' is enabled. Please try to disable it and update your clients to use OpenID Connect compliant way for RP-initiated logout.", CONFIG_LEGACY_LOGOUT_REDIRECT_URI);
|
logger.warnf("Deprecated switch '%s' is enabled. Please try to disable it and update your clients to use OpenID Connect compliant way for RP-initiated logout.", CONFIG_LEGACY_LOGOUT_REDIRECT_URI);
|
||||||
}
|
}
|
||||||
|
if (providerConfig.suppressLogoutConfirmationScreen()) {
|
||||||
|
logger.warnf("Deprecated switch '%s' is enabled. Please try to disable it and update your clients to use OpenID Connect compliant way for RP-initiated logout.", SUPPRESS_LOGOUT_CONFIRMATION_SCREEN);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
|
|
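Review bot: The warning added for `SUPPRESS_LOGOUT_CONFIRMATION_SCREEN` in the second hunk reuses the legacy-redirect text verbatim, so a switch introduced by this commit is logged as "Deprecated" and the log does not say what it turns off. A message that states the effect is more useful to whoever audits the startup log, for example `logger.warnf("Switch '%s' is enabled: the logout confirmation screen is skipped and logout requests that would otherwise prompt the user end the session without interaction.", SUPPRESS_LOGOUT_CONFIRMATION_SCREEN);`. The constant in the first hunk also drops the `CONFIG_` prefix used by `CONFIG_LEGACY_LOGOUT_REDIRECT_URI` directly above it. The enclosing method starts outside the hunk.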
@ -26,12 +26,18 @@ import org.keycloak.Config;
|
||||||
public class OIDCProviderConfig {
|
public class OIDCProviderConfig {
|
||||||
|
|
||||||
private final boolean legacyLogoutRedirectUri;
|
private final boolean legacyLogoutRedirectUri;
|
||||||
|
private final boolean suppressLogoutConfirmationScreen;
|
||||||
|
|
||||||
public OIDCProviderConfig(Config.Scope config) {
|
public OIDCProviderConfig(Config.Scope config) {
|
||||||
this.legacyLogoutRedirectUri = config.getBoolean(OIDCLoginProtocolFactory.CONFIG_LEGACY_LOGOUT_REDIRECT_URI, false);
|
this.legacyLogoutRedirectUri = config.getBoolean(OIDCLoginProtocolFactory.CONFIG_LEGACY_LOGOUT_REDIRECT_URI, false);
|
||||||
|
this.suppressLogoutConfirmationScreen = config.getBoolean(OIDCLoginProtocolFactory.SUPPRESS_LOGOUT_CONFIRMATION_SCREEN, false);
|
||||||
}
|
}
|
||||||
|
|
||||||
public boolean isLegacyLogoutRedirectUri() {
|
public boolean isLegacyLogoutRedirectUri() {
|
||||||
return legacyLogoutRedirectUri;
|
return legacyLogoutRedirectUri;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public boolean suppressLogoutConfirmationScreen() {
|
||||||
|
return suppressLogoutConfirmationScreen;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
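Review bot: The new accessor `suppressLogoutConfirmationScreen()` reads like a command rather than a query and breaks the `is…` pattern of `isLegacyLogoutRedirectUri()` in the same class; `isSuppressLogoutConfirmationScreen()` would match. Neither the field nor the getter documents what the flag weakens, so I would add a short Javadoc such as `/** True when the logout confirmation prompt is skipped; defaults to false. */`. The `false` default in the constructor is the right fail-safe choice and is worth stating in that comment.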
@ -313,7 +313,7 @@ public class LogoutEndpoint {
|
||||||
}
|
}
|
||||||
|
|
||||||
// Logout confirmation screen will be displayed to the user in this case
|
// Logout confirmation screen will be displayed to the user in this case
|
||||||
if (confirmationNeeded || forcedConfirmation) {
|
if ((confirmationNeeded || forcedConfirmation) && !providerConfig.suppressLogoutConfirmationScreen()) {
|
||||||
return displayLogoutConfirmationScreen(loginForm, logoutSession);
|
return displayLogoutConfirmationScreen(loginForm, logoutSession);
|
||||||
} else {
|
} else {
|
||||||
return doBrowserLogout(logoutSession);
|
return doBrowserLogout(logoutSession);
|
||||||
|
|
|
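Review bot: The new condition lets the provider-wide switch override `forcedConfirmation` as well as `confirmationNeeded`, so with the switch on no request reaches `displayLogoutConfirmationScreen`. The prompt is the control that keeps a third-party page from ending a user's session by sending the browser to the logout URL without an `id_token_hint`, which is the case the new test exercises, and the switch removes it for every client at once. If the intent is only to skip the prompt when it is merely "needed", keep the forced path: `if (forcedConfirmation || (confirmationNeeded && !providerConfig.suppressLogoutConfirmationScreen())) {`. The comment above the `if` should also mention the switch. How the two flags are computed is outside the hunk, so please confirm which cases set `forcedConfirmation`.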
@ -112,6 +112,7 @@ public class LegacyLogoutTest extends AbstractTestRealmKeycloakTest {
|
||||||
@After
|
@After
|
||||||
public void revertConfiguration() {
|
public void revertConfiguration() {
|
||||||
getTestingClient().testing().setSystemPropertyOnServer("oidc." + OIDCLoginProtocolFactory.CONFIG_LEGACY_LOGOUT_REDIRECT_URI, "false");
|
getTestingClient().testing().setSystemPropertyOnServer("oidc." + OIDCLoginProtocolFactory.CONFIG_LEGACY_LOGOUT_REDIRECT_URI, "false");
|
||||||
|
getTestingClient().testing().setSystemPropertyOnServer("oidc." + OIDCLoginProtocolFactory.SUPPRESS_LOGOUT_CONFIRMATION_SCREEN, "false");
|
||||||
getTestingClient().testing().reinitializeProviderFactoryWithSystemPropertiesScope(LoginProtocol.class.getName(), OIDCLoginProtocol.LOGIN_PROTOCOL, "oidc.");
|
getTestingClient().testing().reinitializeProviderFactoryWithSystemPropertiesScope(LoginProtocol.class.getName(), OIDCLoginProtocol.LOGIN_PROTOCOL, "oidc.");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -237,7 +238,23 @@ public class LegacyLogoutTest extends AbstractTestRealmKeycloakTest {
|
||||||
MatcherAssert.assertThat(false, is(isSessionActive(sessionId)));
|
MatcherAssert.assertThat(false, is(isSessionActive(sessionId)));
|
||||||
assertCurrentUrlEquals(APP_REDIRECT_URI);
|
assertCurrentUrlEquals(APP_REDIRECT_URI);
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Test with "post_logout_redirect_uri" without "id_token_hint" and "suppress-logout-confirmation-screen": User should logout non interactive.
|
||||||
|
@Test
|
||||||
|
public void logoutWithPostLogoutUriWithoutIdTokenHintAndSuppressedConfirmation() {
|
||||||
|
getTestingClient().testing().setSystemPropertyOnServer("oidc." + OIDCLoginProtocolFactory.SUPPRESS_LOGOUT_CONFIRMATION_SCREEN, "true");
|
||||||
|
getTestingClient().testing().reinitializeProviderFactoryWithSystemPropertiesScope(LoginProtocol.class.getName(), OIDCLoginProtocol.LOGIN_PROTOCOL, "oidc.");
|
||||||
|
|
||||||
|
OAuthClient.AccessTokenResponse tokenResponse = loginUser();
|
||||||
|
String sessionId = tokenResponse.getSessionState();
|
||||||
|
|
||||||
|
String logoutUrl = oauth.getLogoutUrl().postLogoutRedirectUri(APP_REDIRECT_URI).build();
|
||||||
|
driver.navigate().to(logoutUrl);
|
||||||
|
|
||||||
|
events.expectLogout(sessionId).detail(Details.REDIRECT_URI, APP_REDIRECT_URI).assertEvent();
|
||||||
|
Assert.assertThat(false, is(isSessionActive(sessionId)));
|
||||||
|
assertCurrentUrlEquals(APP_REDIRECT_URI);
|
||||||
}
|
}
|
||||||
|
|
||||||
private OAuthClient.AccessTokenResponse loginUser() {
|
private OAuthClient.AccessTokenResponse loginUser() {
|
||||||
|
|
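Review bot: The new test covers only the request without `id_token_hint`, while the changed condition in `LogoutEndpoint` also bypasses `forcedConfirmation`, and nothing here exercises that path. A second case that triggers a forced confirmation with the switch on would pin down whether skipping it is intended. The test also calls `Assert.assertThat`, whereas the context line just above it in the same hunk uses `MatcherAssert.assertThat`; the new line should read `MatcherAssert.assertThat(false, is(isSessionActive(sessionId)));`. Resetting the property in `revertConfiguration()` in the first hunk is good, since the setting is server-side and would otherwise leak into later tests.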