  1. WildFly
  2. WFLY-18193

Notify OpenID Logout to OP with @OpenIdAuthenticationMechanismDefinition


      1. Define an OpenId Authentication Mechanism with logout notification to the OP.
      2. Access a restricted resource to force authentication.
      3. Logout from the application to close the OpenId session (OP).

      Let's define an OpenId Authentication mechanism to notify a logout from the application to the OpenID Provider such as:

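      import jakarta.security.enterprise.authentication.mechanism.http.OpenIdAuthenticationMechanismDefinition;
      import jakarta.security.enterprise.authentication.mechanism.http.openid.LogoutDefinition;

      @OpenIdAuthenticationMechanismDefinition(
                 providerURI = "${openId.providerURI}",
                 redirectURI = "${openId.redirectURI}",
                 clientId = "${openId.clientId}",
                 clientSecret = "${openId.clientSecret}",
                 tokenAutoRefresh = true,
                 // On logout, also notify the OP and then return to logoutRedirectURI
                 logout = @LogoutDefinition(
                    notifyProvider = true,
                    redirectURI = "${openId.logoutRedirectURI}")
      )
      public class OpenIdDefinition {

      }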

      When invoking HttpServletRequest.logout() the OpenId Authentication Mechanism sends a redirection to the following URI:

      /<app>/org.jboss.resteasy.specimpl.ResteasyUriBuilderImpl@224ebc2a

      It seems that the construction of such redirection is not valid or maybe some configuration might be missing. No error is thrown; it's just a matter of incorrect redirection to the OP.

       

              fjuma1@redhat.com Farah Juma
              zhaiku Haiku Z (Inactive)
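
A regression check for the symptom reported above, as an added example that is not part of the original issue or of WildFly's code: it resolves the logout `Location` value the way a browser would and flags a last path segment shaped like Java's default `Object.toString()` output (class name, `@`, hex hash code), which is the shape of the reported URI. The class name `LogoutRedirectCheck`, the request URL and the provider host are constructed for illustration, and treating the OP's logout endpoint as same-origin with `providerURI` is an assumption.

```java
import java.net.URI;
import java.util.regex.Pattern;

// Added example, not WildFly code: classify the Location header returned after
// HttpServletRequest.logout() when notifyProvider = true.
public class LogoutRedirectCheck {

    // Default Object.toString() shape: fully qualified class name, '@', hex hash code.
    private static final Pattern OBJECT_IDENTITY =
            Pattern.compile("(?:[A-Za-z_$][\\w$]*\\.)+[A-Za-z_$][\\w$]*@[0-9a-f]{1,8}");

    enum Verdict { OK, OBJECT_TOSTRING_LEAK, NOT_AT_PROVIDER }

    static Verdict check(String requestUrl, String location, String providerUri) {
        // A relative Location is resolved against the request URL, as a browser does.
        URI target = URI.create(requestUrl).resolve(location);
        String path = target.getPath() == null ? "" : target.getPath();
        String lastSegment = path.substring(path.lastIndexOf('/') + 1);
        if (OBJECT_IDENTITY.matcher(lastSegment).matches()) {
            return Verdict.OBJECT_TOSTRING_LEAK; // user never reaches the OP
        }
        // Assumption: the OP's logout endpoint shares scheme, host and port with providerURI.
        URI provider = URI.create(providerUri);
        boolean sameOrigin = provider.getScheme().equalsIgnoreCase(target.getScheme())
                && provider.getHost().equalsIgnoreCase(target.getHost())
                && provider.getPort() == target.getPort();
        return sameOrigin ? Verdict.OK : Verdict.NOT_AT_PROVIDER;
    }

    public static void main(String[] args) {
        // Constructed sample values; hosts and paths are placeholders.
        String request = "https://app.example.test/myapp/logout";
        String provider = "https://op.example.test/realms/demo";
        // Value from the report, relative to the application context.
        String broken = "org.jboss.resteasy.specimpl.ResteasyUriBuilderImpl@224ebc2a";
        String good = "https://op.example.test/realms/demo/logout"
                + "?post_logout_redirect_uri=https%3A%2F%2Fapp.example.test%2Fmyapp%2F";
        System.out.println(check(request, broken, provider));
        System.out.println(check(request, good, provider));
    }
}
```

A redirect classified as `OBJECT_TOSTRING_LEAK` or `NOT_AT_PROVIDER` means the browser was never sent to the OP, so step 3 of the reproduction did not close the session there.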