Merge branch 'authentiq-backchannel-logout' into 'master'
Remote logout functionality on Authentiq OAuth provider See merge request !9381
This commit is contained in:
commit
c63016a379
2
Gemfile
2
Gemfile
|
@ -34,7 +34,7 @@ gem 'omniauth-saml', '~> 1.7.0'
|
||||||
gem 'omniauth-shibboleth', '~> 1.2.0'
|
gem 'omniauth-shibboleth', '~> 1.2.0'
|
||||||
gem 'omniauth-twitter', '~> 1.2.0'
|
gem 'omniauth-twitter', '~> 1.2.0'
|
||||||
gem 'omniauth_crowd', '~> 2.2.0'
|
gem 'omniauth_crowd', '~> 2.2.0'
|
||||||
gem 'omniauth-authentiq', '~> 0.2.0'
|
gem 'omniauth-authentiq', '~> 0.3.0'
|
||||||
gem 'rack-oauth2', '~> 1.2.1'
|
gem 'rack-oauth2', '~> 1.2.1'
|
||||||
gem 'jwt', '~> 1.5.6'
|
gem 'jwt', '~> 1.5.6'
|
||||||
|
|
||||||
|
|
|
@ -448,7 +448,7 @@ GEM
|
||||||
rack (>= 1.0, < 3)
|
rack (>= 1.0, < 3)
|
||||||
omniauth-auth0 (1.4.1)
|
omniauth-auth0 (1.4.1)
|
||||||
omniauth-oauth2 (~> 1.1)
|
omniauth-oauth2 (~> 1.1)
|
||||||
omniauth-authentiq (0.2.2)
|
omniauth-authentiq (0.3.0)
|
||||||
omniauth-oauth2 (~> 1.3, >= 1.3.1)
|
omniauth-oauth2 (~> 1.3, >= 1.3.1)
|
||||||
omniauth-azure-oauth2 (0.0.6)
|
omniauth-azure-oauth2 (0.0.6)
|
||||||
jwt (~> 1.0)
|
jwt (~> 1.0)
|
||||||
|
@ -925,7 +925,7 @@ DEPENDENCIES
|
||||||
oj (~> 2.17.4)
|
oj (~> 2.17.4)
|
||||||
omniauth (~> 1.3.2)
|
omniauth (~> 1.3.2)
|
||||||
omniauth-auth0 (~> 1.4.1)
|
omniauth-auth0 (~> 1.4.1)
|
||||||
omniauth-authentiq (~> 0.2.0)
|
omniauth-authentiq (~> 0.3.0)
|
||||||
omniauth-azure-oauth2 (~> 0.0.6)
|
omniauth-azure-oauth2 (~> 0.0.6)
|
||||||
omniauth-cas3 (~> 1.1.2)
|
omniauth-cas3 (~> 1.1.2)
|
||||||
omniauth-facebook (~> 4.0.0)
|
omniauth-facebook (~> 4.0.0)
|
||||||
|
|
|
@ -78,6 +78,13 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController
|
||||||
handle_omniauth
|
handle_omniauth
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def authentiq
|
||||||
|
if params['sid']
|
||||||
|
handle_service_ticket oauth['provider'], params['sid']
|
||||||
|
end
|
||||||
|
handle_omniauth
|
||||||
|
end
|
||||||
|
|
||||||
private
|
private
|
||||||
|
|
||||||
def handle_omniauth
|
def handle_omniauth
|
||||||
|
|
|
@ -0,0 +1,4 @@
|
||||||
|
---
|
||||||
|
title: Adds remote logout functionality to the Authentiq OAuth provider
|
||||||
|
merge_request: 9381
|
||||||
|
author: Alexandros Keramidas
|
|
@ -240,6 +240,17 @@ Devise.setup do |config|
|
||||||
true
|
true
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
if provider['name'] == 'authentiq'
|
||||||
|
provider['args'][:remote_sign_out_handler] = lambda do |request|
|
||||||
|
authentiq_session = request.params['sid']
|
||||||
|
if Gitlab::OAuth::Session.valid?(:authentiq, authentiq_session)
|
||||||
|
Gitlab::OAuth::Session.destroy(:authentiq, authentiq_session)
|
||||||
|
true
|
||||||
|
else
|
||||||
|
false
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
if provider['name'] == 'shibboleth'
|
if provider['name'] == 'shibboleth'
|
||||||
provider['args'][:fail_with_empty_uid] = true
|
provider['args'][:fail_with_empty_uid] = true
|
||||||
|
|
|
@ -54,7 +54,7 @@ Authentiq will generate a Client ID and the accompanying Client Secret for you t
|
||||||
5. The `scope` is set to request the user's name, email (required and signed), and permission to send push notifications to sign in on subsequent visits.
|
5. The `scope` is set to request the user's name, email (required and signed), and permission to send push notifications to sign in on subsequent visits.
|
||||||
See [OmniAuth Authentiq strategy](https://github.com/AuthentiqID/omniauth-authentiq#scopes-and-redirect-uri-configuration) for more information on scopes and modifiers.
|
See [OmniAuth Authentiq strategy](https://github.com/AuthentiqID/omniauth-authentiq#scopes-and-redirect-uri-configuration) for more information on scopes and modifiers.
|
||||||
|
|
||||||
6. Change 'YOUR_CLIENT_ID' and 'YOUR_CLIENT_SECRET' to the Client credentials you received in step 1.
|
6. Change `YOUR_CLIENT_ID` and `YOUR_CLIENT_SECRET` to the Client credentials you received in step 1.
|
||||||
|
|
||||||
7. Save the configuration file.
|
7. Save the configuration file.
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue