Skip to content

Commit

Permalink
Merge pull request #2996 from gbarbon/feature-disableOpenIDLogout
Browse files Browse the repository at this point in the history 
Enabling property to disable the OpenID Connect logout
  • Loading branch information
@Coduz
Coduz authored Jun 10, 2020
2 parents f867911 + 79a49f4 commit f8261e7
Show file tree
Hide file tree
Showing 5 changed files with 47 additions and 29 deletions.
33 changes: 19 additions & 14 deletions console/core/src/main/java/org/eclipse/kapua/app/console/core/client/KapuaCloudConsole.java
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*******************************************************************************
* Copyright (c) 2017, 2018 Eurotech and/or its affiliates and others
* Copyright (c) 2017, 2020 Eurotech and/or its affiliates and others
*
* All rights reserved. This program and the accompanying materials
* are made available under the terms of the Eclipse Public License v1.0
Expand Down Expand Up @@ -370,7 +370,7 @@ private void renderLoginDialog() {
String error = Window.Location.getParameter("error");

// Check if coming from failed SSO login (the user exists but she does not have the authorizations)
if (error !=null && !error.isEmpty() && error.equals("access_denied")) {
if (error != null && !error.isEmpty() && error.equals("access_denied")) {
logger.info("Access denied, SSO login failed");
ConsoleInfo.display(CORE_MSGS.loginSsoLoginError(), CORE_MSGS.ssoClientAuthenticationFailed());
}
Expand Down Expand Up @@ -446,18 +446,23 @@ public void onFailure(Throwable caught) {

@Override
public void onSuccess(final String result) {
logger.info("Waiting for logout.");

// this timer is needed to give time to the ConsoleInfo.display method (called above) to show
// the message to the user (otherwise the Window.location.assign would reload the page,
// giving no time to the user to read the message).
Timer timer = new Timer() {
@Override
public void run() {
Window.Location.assign(result);
}
};
timer.schedule(SSO_FAILURE_WAIT_TIME);
if (!result.isEmpty()) {
logger.info("Waiting for logout.");

// this timer is needed to give time to the ConsoleInfo.display method (called above) to show
// the message to the user (otherwise the Window.location.assign would reload the page,
// giving no time to the user to read the message).
Timer timer = new Timer() {
@Override
public void run() {
Window.Location.assign(result);
}
};
timer.schedule(SSO_FAILURE_WAIT_TIME);
} else {
// result is empty, thus the OpenID logout is disabled
TokenCleaner.cleanToken(); // removes the access_token from the URL, however it forces the page reload
}
}
});
}
Expand Down
27 changes: 16 additions & 11 deletions console/core/src/main/java/org/eclipse/kapua/app/console/core/client/NorthView.java
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*******************************************************************************
* Copyright (c) 2016, 2019 Eurotech and/or its affiliates and others
* Copyright (c) 2016, 2020 Eurotech and/or its affiliates and others
*
* All rights reserved. This program and the accompanying materials
* are made available under the terms of the Eclipse Public License v1.0
Expand Down Expand Up @@ -197,16 +197,21 @@ public void onSuccess(Void arg0) {
gwtSettingService.getSsoLogoutUri(currentSession.getSsoIdToken(),
new AsyncCallback<String>() {

@Override
public void onFailure(Throwable caught) {
FailureHandler.handle(caught);
}

@Override
public void onSuccess(String result) {
Window.Location.assign(result);
}
});
@Override
public void onFailure(Throwable caught) {
FailureHandler.handle(caught);
}

@Override
public void onSuccess(String result) {
if (!result.isEmpty()) {
Window.Location.assign(result);
} else {
// result is empty, thus the OpenID logout is disabled
TokenCleaner.cleanToken();
}
}
});
} else {
TokenCleaner.cleanToken();
}
Expand Down
9 changes: 6 additions & 3 deletions .../core/src/main/java/org/eclipse/kapua/app/console/core/server/GwtSettingsServiceImpl.java
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*******************************************************************************
* Copyright (c) 2017 Eurotech and/or its affiliates and others
* Copyright (c) 2017, 2020 Eurotech and/or its affiliates and others
*
* All rights reserved. This program and the accompanying materials
* are made available under the terms of the Eclipse Public License v1.0
Expand Down Expand Up @@ -52,8 +52,11 @@ public String getSsoLoginUri() throws GwtKapuaException {
@Override
public String getSsoLogoutUri(String ssoIdToken) throws GwtKapuaException {
try {
return SsoLocator.getLocator(this).getService().getLogoutUri(ssoIdToken,
URI.create(SsoHelper.getHomeUri()), UUID.randomUUID().toString());
if (SETTINGS.getBoolean(ConsoleSettingKeys.SSO_OPENID_LOGOUT_ENABLED, true)) {
return SsoLocator.getLocator(this).getService().getLogoutUri(ssoIdToken,
URI.create(SsoHelper.getHomeUri()), UUID.randomUUID().toString());
}
return ""; // return empty string instead of using a dedicated callback just to check if the logout is enabled
} catch (Throwable t) {
KapuaExceptionHandler.handle(t);
return null;
Expand Down
3 changes: 2 additions & 1 deletion ...pi/src/main/java/org/eclipse/kapua/app/console/module/api/setting/ConsoleSettingKeys.java
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*******************************************************************************
* Copyright (c) 2017 Eurotech and/or its affiliates and others
* Copyright (c) 2017, 2020 Eurotech and/or its affiliates and others
*
* All rights reserved. This program and the accompanying materials
* are made available under the terms of the Eclipse Public License v1.0
Expand Down Expand Up @@ -39,6 +39,7 @@ public enum ConsoleSettingKeys implements SettingKey {

SSO_REDIRECT_URI("console.sso.redirect.uri"), //
SSO_CONSOLE_HOME_URI("console.sso.home.uri"), //
SSO_OPENID_LOGOUT_ENABLED("console.sso.openid.logout.enabled"), //

EXPORT_MAX_PAGES("console.export.max.pages"),
EXPORT_MAX_PAGE_SIZE("console.export.max.pagesize");
Expand Down
4 changes: 4 additions & 0 deletions docs/developer-guide/en/sso.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -122,6 +122,10 @@ This is implemented following the OpenID Connect specification for the
Note that logging out from the OpenID provider is also possible through the provider OpenID logout endpoint,
but the user will remain logged into Kapua until also the logout from Kapua is performed.

The OpenID Connect logout can be disabled by setting the `console.sso.openid.logout.enabled` property to `false` (this property is always set
to `true` by default). Be careful if you choose to disable the OpenID logout, since this will allow the user to login again into the Kapua Console without
the need to provide any credentials.

## Keycloak Example (Docker based)

We detail here the steps to run an SSO Keycloak provider.
Expand Down

0 comments on commit f8261e7

Please sign in to comment.