Rework the logout handler to fix session cleanup during OIDC logout#223
Closed
jonasbardino wants to merge 2 commits intoedgefrom
Closed
Rework the logout handler to fix session cleanup during OIDC logout#223jonasbardino wants to merge 2 commits intoedgefrom
jonasbardino wants to merge 2 commits intoedgefrom
Conversation
1) Generally act in reverse order of login regarding gdp project logout, 2FA
session clean up and local+remote IDP logout
2) Disable the OpenID 2.0 workaround with interleaved remote IDP logout when
using OpenID Connect
This should make logout more consistent and more importantly address the issue
with missing local 2FA session termination during OpenID Connect logout we
currently see in issue 222.
Contributor
Author
|
Tested with external OpenID Connect auth and for built-in OpenID 2.0 auth. It looks like we will want to ask our own upstream OIDC IDP to adjust configuration so that we are allowed to redirect to the reentry page after logout. |
jonasbardino
added
the
follow-up pending
Contributor
Author
|
Merged through svn with a few TODOs to handle as follow-up. Mainly the change to use proper base URL when our own IDP allows it. |
jonasbardino
deleted the
fix/rework-openid-connect-logout-for-proper-session-cleanup
branch
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
session clean up and local+remote IDP logout
using OpenID Connect
This should make logout more consistent and more importantly address the issue with missing local 2FA session termination during OpenID Connect logout we currently see in issue #222 .