Merge pull request #184 from uprightech/version_4.5.6-slo-redirect

fix: invalid context for ShibOxAuthAuthServlet
GluuFederation · Sep 15, 2024 · 65be6e1 · 65be6e1
2 parents a9f7727 + 9cea304
commit 65be6e1
Show file tree

Hide file tree

Showing 5 changed files with 156 additions and 245 deletions.
diff --git a/shib-oxauth-authn/src/main/java/org/gluu/idp/externalauth/ShibOxAuthAuthServlet.java b/shib-oxauth-authn/src/main/java/org/gluu/idp/externalauth/ShibOxAuthAuthServlet.java
@@ -76,7 +76,7 @@
  * @author Yuriy Movchan
  * @version 0.1, 09/13/2018
  */
-@WebServlet(name = "ShibOxAuthAuthServlet", urlPatterns = { "/ceva/auth/*" })
+@WebServlet(name = "ShibOxAuthAuthServlet", urlPatterns = { "/Authn/oxAuth/*" })
 public class ShibOxAuthAuthServlet extends HttpServlet {
 
  private static final long serialVersionUID = -4864851392327422662L;

diff --git a/static/src/main/patches/019.add-custom-view-context.patch b/static/src/main/patches/019.add-custom-view-context.patch
diff --git a/static/src/main/patches/019.update-logout-views.patch b/static/src/main/patches/019.update-logout-views.patch
@@ -0,0 +1,155 @@
+diff -aurN shibboleth-idp.orig/views/logout-complete.vm shibboleth-idp/views/logout-complete.vm
+--- shibboleth-idp.orig/views/logout-complete.vm 2024-09-02 11:49:25.962679000 +0100
++++ shibboleth-idp/views/logout-complete.vm 2024-09-02 12:02:41.192840882 +0100
+@@ -16,6 +16,10 @@
+ ##
+ #set ($activeIdPSessions = $logoutContext and !$logoutContext.getIdPSessions().isEmpty())
+ #set ($activeSPSessions = $logoutContext and !$logoutContext.getSessionMap().isEmpty())
++
++## Gluu specific variables 
++#set ($gluuLogoutRedirectUrl = $custom.getRelyingPartyLogoutRedirectUrl($profileRequestContext,$multiRPContext,$logoutContext))
++
+ <!DOCTYPE html>
+ <html>
+ <head>
+@@ -23,13 +27,16 @@
+ <meta charset="UTF-8" />
+ <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
+ <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=5.0">
++ #if ($gluuLogoutRedirectUrl)
++ <meta http-equiv="refresh" content="15;url=$gluuLogoutRedirectUrl">
++ #end
+ <link rel="stylesheet" type="text/css" href="$request.getContextPath()#springMessageText("idp.css", "/css/placeholder.css")">
+ </head>
+
+ <body>
+ <main class="main">
+ <header>
+- <img class="main-logo" src="$request.getContextPath()/servlet/logo" alt="#springMessageText("idp.logo.alt-text", "logo")" />
++ <img class="main-logo" src="$request.getContextPath()/servlet/logo" alt="#springMessageText("idp.logo.alt-text", "logo")" />
+ </header>
+
+ <section>
+@@ -50,6 +57,10 @@
+ #if ( $profileRequestContext.getProfileId().contains("saml2/logout") )
+ <iframe style="display:none" src="$flowExecutionUrl&_eventId=proceed"></iframe>
+ #end
++
++ #if($gluuLogoutRedirectUrl)
++ <p>You will be redirected shortly ... </p>
++ #end
+ </section>
+ </main>
+ <footer class="footer">
+@@ -58,4 +69,4 @@
+ </div>
+ </footer>
+ </body>
+-</html>
++</html>
+\ No newline at end of file
+diff -aurN shibboleth-idp.orig/views/logout-propagate.vm shibboleth-idp/views/logout-propagate.vm
+--- shibboleth-idp.orig/views/logout-propagate.vm 2024-09-02 11:49:25.962679000 +0100
++++ shibboleth-idp/views/logout-propagate.vm 2024-09-02 12:06:35.848396418 +0100
+@@ -17,6 +17,10 @@
+ ## custom - arbitrary object injected by deployer
+ ##
+ #set ($hidden = $environment.getProperty("idp.logout.propagationHidden", "false"))
++
++## Gluu specific variables 
++#set ($gluuLogoutRedirectUrl = $custom.getRelyingPartyLogoutRedirectUrl($profileRequestContext,$multiRPContext,$logoutContext))
++
+ <!DOCTYPE html>
+ <html>
+ <head>
+@@ -26,17 +30,23 @@
+ <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=5.0">
+ <link rel="stylesheet" type="text/css" href="$request.getContextPath()#springMessageText("idp.css", "/css/placeholder.css")">
+ <link rel="stylesheet" type="text/css" href="$request.getContextPath()/css/logout.css">
++ #if ($gluuLogoutRedirectUrl)
++ <meta http-equiv="refresh" content="15;url=$gluuLogoutRedirectUrl">
++ #end
+ </head>
+
+ <body>
+ <main class="main">
+ <header>
+- <img class="main-logo" src="$request.getContextPath()/servlet/logo" alt="#springMessageText("idp.logo.alt-text", "logo")" />
++ <img class="main-logo" src="$request.getContextPath()#springMessageText("idp.logo", "/images/placeholder-logo.png")" alt="#springMessageText("idp.logo.alt-text", "logo")" />
+ </header>
+
+ <section>
+ #if($hidden == "true")
+ <p>#springMessageText("idp.logout.hidden", "Your single sign-on session has been terminated, but you are still logged into many of the services you have accessed during your session.")</p>
++ #if(gluuLogoutRedirectUrl)
++ <p>You will be redirected shortly...</p>
++ #end
+ #else
+ <h1>#springMessageText("idp.logout.attempt", "Attempting to log out of the following services:")</h1>
+ #end
+@@ -54,4 +64,4 @@
+ </div>
+ </footer>
+ </body>
+-</html>
++</html>
+\ No newline at end of file
+diff -aurN shibboleth-idp.orig/views/logout.vm shibboleth-idp/views/logout.vm
+--- shibboleth-idp.orig/views/logout.vm 2024-09-02 11:49:25.962679000 +0100
++++ shibboleth-idp/views/logout.vm 2024-09-02 11:58:36.593723650 +0100
+@@ -20,6 +20,10 @@
+ #end
+ #set ($promptForIdP = $logoutContext and !$logoutContext.getIdPSessions().isEmpty())
+ #set ($promptForSP = $logoutContext and !$logoutContext.getSessionMap().isEmpty())
++
++## Gluu specific variables 
++#set ($gluuLogoutRedirectUrl = $custom.getRelyingPartyLogoutRedirectUrl($profileRequestContext,$multiRPContext,$logoutContext))
++
+ <!DOCTYPE html>
+ <html>
+ <head>
+@@ -100,6 +104,19 @@
+ <p><strong>#springMessageText("idp.logout.complete", "The logout operation is complete, and no other services appear to have been accessed during this session.")</strong></p>
+ <!-- Complete the flow by adding a hidden iframe. -->
+ <iframe style="display:none" src="$flowExecutionUrl&_eventId=proceed"></iframe>
++
++ <!-- gluu specific modifications for slo redirect -->
++ #if($gluuLogoutRedirectUrl)
++ <p><strong>#springMessageText("idp.logout.redirect","You will now be redirected")</strong></p>
++ <form id="logout_redirect_form" method="GET" action="$gluuLogoutRedirectUrl">
++ <p>
++ <button class="button-secondary" id="logout_redirect" type="submit">
++ #springMessageText("idp.logout.redirect.caption","If it's taking too long, click here")
++ </button>
++ </p>
++ </form>
++ #end
++ <!-- end of gluu modifications -->
+ #end
+
+ <ul>
+@@ -108,6 +125,17 @@
+ </ul>
+ </section>
+
++ <!-- gluu js redirect -->
++ <script type="text/javascript">
++ function gluu_slo_redirect() {
++ var logout_redir_form = document.getElementById("logout_redirect_form");
++ if(logout_redir_form != null) {
++ logout_redir_form.submit();
++ }
++ }
++ setTimeout(gluu_slo_redirect,5000);
++ </script>
++ <!-- end gluu js redirect -->
+ </main>
+ <footer class="footer">
+ <div class="cc">
+@@ -115,4 +143,4 @@
+ </div>
+ </footer>
+ </body>
+-</html>
++</html>
+\ No newline at end of file
diff --git a/static/src/main/patches/020.update-auth-urls.patch b/static/src/main/patches/020.update-auth-urls.patch