Add OIDC Custom Logout URL (#148)

* Add oidc logout url to env and docker image

* Set the custom logout URL if OIDC_LOGOUT_URL is defined

---------

Co-authored-by: diegolamaral <diego.arruda.amaral@gmail.com>

core/files/configure_misp.sh

@@ -103,6 +103,13 @@ set_up_oidc() {
         }
     }" > /dev/null
 
+    # Set the custom logout URL for the OIDC plugin only if OIDC_LOGOUT_URL is defined
+    if [[ -n "${OIDC_LOGOUT_URL}" ]]; then
+        sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "Plugin.CustomAuth_custom_logout" "${OIDC_LOGOUT_URL}&post_logout_redirect_uri=${BASE_URL}/users/login"
+    else
+        echo "OIDC_LOGOUT_URL is not set"
+    fi
+
     # Disable password confirmation as stated at https://github.com/MISP/MISP/issues/8116
     sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "Security.require_password_confirmation" false
 }

docker-compose.yml

@@ -117,6 +117,7 @@ services:
       - "OIDC_ROLES_PROPERTY=${OIDC_ROLES_PROPERTY}"
       - "OIDC_ROLES_MAPPING=${OIDC_ROLES_MAPPING}"
       - "OIDC_DEFAULT_ORG=${OIDC_DEFAULT_ORG}"
+      - "OIDC_LOGOUT_URL=${OIDC_LOGOUT_URL}"
       # LDAP authentication settings
       - "LDAP_ENABLE=${LDAP_ENABLE}"
       - "LDAP_APACHE_ENV=${LDAP_APACHE_ENV}"

template.env

@@ -121,6 +121,7 @@ SYNCSERVERS_1_PULL_RULES=
 # OIDC_ROLES_PROPERTY="roles"
 # OIDC_ROLES_MAPPING="{\"admin\": \"1\"}"
 # OIDC_DEFAULT_ORG=
+# OIDC_LOGOUT_URL=
 
 # Enable LDAP (using the ApacheSecureAuth component) authentication, according to https://github.com/MISP/MISP/issues/6189
 # NOTE: Once you enable LDAP authentication with the ApacheSecureAuth component,