From 26ae2bff7c85d2b5f0dadf63b38ecd33bea6b74c Mon Sep 17 00:00:00 2001 From: DiegolAmaral <114777317+Diogo-Rego@users.noreply.github.com> Date: Wed, 2 Oct 2024 11:24:12 +0000 Subject: [PATCH] Add OIDC Custom Logout URL (#148) * Add oidc logout url to env and docker image * Set the custom logout URL if OIDC_LOGOUT_URL is defined --------- Co-authored-by: diegolamaral --- core/files/configure_misp.sh | 7 +++++++ docker-compose.yml | 1 + template.env | 1 + 3 files changed, 9 insertions(+) diff --git a/core/files/configure_misp.sh b/core/files/configure_misp.sh index 648bbfc..3c1ca02 100755 --- a/core/files/configure_misp.sh +++ b/core/files/configure_misp.sh @@ -103,6 +103,13 @@ set_up_oidc() { } }" > /dev/null + # Set the custom logout URL for the OIDC plugin only if OIDC_LOGOUT_URL is defined + if [[ -n "${OIDC_LOGOUT_URL}" ]]; then + sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "Plugin.CustomAuth_custom_logout" "${OIDC_LOGOUT_URL}&post_logout_redirect_uri=${BASE_URL}/users/login" + else + echo "OIDC_LOGOUT_URL is not set" + fi + # Disable password confirmation as stated at https://github.com/MISP/MISP/issues/8116 sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "Security.require_password_confirmation" false } diff --git a/docker-compose.yml b/docker-compose.yml index 175ad39..c74f8ac 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -117,6 +117,7 @@ services: - "OIDC_ROLES_PROPERTY=${OIDC_ROLES_PROPERTY}" - "OIDC_ROLES_MAPPING=${OIDC_ROLES_MAPPING}" - "OIDC_DEFAULT_ORG=${OIDC_DEFAULT_ORG}" + - "OIDC_LOGOUT_URL=${OIDC_LOGOUT_URL}" # LDAP authentication settings - "LDAP_ENABLE=${LDAP_ENABLE}" - "LDAP_APACHE_ENV=${LDAP_APACHE_ENV}" diff --git a/template.env b/template.env index b1188de..66edd73 100644 --- a/template.env +++ b/template.env @@ -121,6 +121,7 @@ SYNCSERVERS_1_PULL_RULES= # OIDC_ROLES_PROPERTY="roles" # OIDC_ROLES_MAPPING="{\"admin\": \"1\"}" # OIDC_DEFAULT_ORG= +# OIDC_LOGOUT_URL= # Enable LDAP (using the ApacheSecureAuth component) authentication, according to https://github.com/MISP/MISP/issues/6189 # NOTE: Once you enable LDAP authentication with the ApacheSecureAuth component,