[backend] Add remote logout_remote value to openId options (#7766)

OpenCTI-Platform · Oct 1, 2024 · a296246 · a296246
1 parent 7cd3a53
commit a296246
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 1 deletion.
diff --git a/opencti-platform/opencti-graphql/src/config/providers.js b/opencti-platform/opencti-graphql/src/config/providers.js
@@ -317,7 +317,7 @@ for (let i = 0; i < providerKeys.length; i += 1) {
           }
           // endregion
           const openIdScope = R.uniq(openIdScopes).join(' ');
-          const options = { client, passReqToCallback: true, params: { scope: openIdScope } };
+          const options = { logout_remote: mappedConfig.logout_remote, client, passReqToCallback: true, params: { scope: openIdScope } };
           const debugCallback = (message, meta) => logApp.info(message, meta);
           const openIDStrategy = new OpenIDStrategy(options, debugCallback, (_, tokenset, userinfo, done) => {
             logApp.info('[OPENID] Successfully logged', { userinfo });
@@ -386,6 +386,7 @@ for (let i = 0; i < providerKeys.length; i += 1) {
           openIDStrategy.logout = (_, callback) => {
             const isSpecificUri = isNotEmptyField(config.logout_callback_url);
             const endpointUri = issuer.end_session_endpoint ? issuer.end_session_endpoint : `${config.issuer}/oidc/logout`;
+            logApp.debug(`[OPENID] logout configuration, isSpecificUri:${isSpecificUri}, issuer.end_session_endpoint:${issuer.end_session_endpoint}, final endpointUri: ${endpointUri}`);
             if (isSpecificUri) {
               const logoutUri = `${endpointUri}?post_logout_redirect_uri=${config.logout_callback_url}`;
               callback(null, logoutUri);

diff --git a/opencti-platform/opencti-graphql/src/http/httpPlatform.js b/opencti-platform/opencti-graphql/src/http/httpPlatform.js
@@ -361,6 +361,7 @@ const createApp = async (app) => {
           const strategy = passport._strategy(provider);
           if (strategy) {
             if (strategy.logout_remote === true && strategy.logout) {
+              logApp.debug('Logout: requesting remote logout using authentication strategy parameters.');
               req.user = user; // Needed for passport
               strategy.logout(req, (error, request) => {
                 if (error) {
@@ -371,6 +372,7 @@ const createApp = async (app) => {
                 }
               });
             } else {
+              logApp.debug('Logout: OpenCTI logout only, remote logout on IDP not requested.');
               res.redirect(referer);
             }
           } else {