Diplomarbeit-Absolventenverein/oqtane.framework
6
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

implement single logout for OIDC

Browse Source
This commit is contained in:
sbwalker
2025-09-29 09:39:15 -04:00
parent bc2e7915cc
commit 68233951cb
3 changed files with 43 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
Oqtane.Client/Modules/Admin/Users/Index.razor
View File

@ -329,6 +329,15 @@ else
</select>
</div>
</div>
<div class="row mb-1 align-items-center">
<Label Class="col-sm-3" For="singlelogout" HelpText="Specify if users should be logged out of both the application and provider (the default is false indicating they will only be logged out of the application)" ResourceKey="SingleLogout">Use Single Logout?</Label>
<div class="col-sm-9">
<select id="singlelogout" class="form-select" @bind="@_singlelogout" required>
<option value="true">@SharedLocalizer["Yes"]</option>
<option value="false">@SharedLocalizer["No"]</option>
</select>
</div>
</div>
}
<div class="row mb-1 align-items-center">
<Label Class="col-sm-3" For="scopes" HelpText="A list of Scopes to request from the provider (separated by commas). If none are specified, standard Scopes will be used by default." ResourceKey="Scopes">Scopes:</Label>
@ -560,6 +569,7 @@ else
private string _toggleclientsecret = string.Empty;
private string _authresponsetype;
private string _requirenonce;
private string _singlelogout;
private string _scopes;
private string _parameters;
private string _pkce;
@ -648,6 +658,7 @@ else
_toggleclientsecret = SharedLocalizer["ShowPassword"];
_authresponsetype = SettingService.GetSetting(settings, "ExternalLogin:AuthResponseType", "code");
_requirenonce = SettingService.GetSetting(settings, "ExternalLogin:RequireNonce", "true");
_singlelogout = SettingService.GetSetting(settings, "ExternalLogin:SingleLogout", "false");
_scopes = SettingService.GetSetting(settings, "ExternalLogin:Scopes", "");
_parameters = SettingService.GetSetting(settings, "ExternalLogin:Parameters", "");
_pkce = SettingService.GetSetting(settings, "ExternalLogin:PKCE", "false");
@ -771,6 +782,7 @@ else
settings = SettingService.SetSetting(settings, "ExternalLogin:ClientSecret", _clientsecret, true);
settings = SettingService.SetSetting(settings, "ExternalLogin:AuthResponseType", _authresponsetype, true);
settings = SettingService.SetSetting(settings, "ExternalLogin:RequireNonce", _requirenonce, true);
settings = SettingService.SetSetting(settings, "ExternalLogin:SingleLogout", _singlelogout, true);
settings = SettingService.SetSetting(settings, "ExternalLogin:Scopes", _scopes, true);
settings = SettingService.SetSetting(settings, "ExternalLogin:Parameters", _parameters, true);
settings = SettingService.SetSetting(settings, "ExternalLogin:PKCE", _pkce, true);

6
Oqtane.Client/Resources/Modules/Admin/Users/Index.resx
View File

@ -555,4 +555,10 @@
<data name="CookieDomain.HelpText" xml:space="preserve">
<value>If you would like to share cookies across subdomains you will need to specify a root domain with a leading dot (ie. '.example.com')</value>
</data>
<data name="SingleLogout.Text" xml:space="preserve">
<value>Allow Single Logout?</value>
</data>
<data name="SingleLogout.HelpText" xml:space="preserve">
<value>Specify if users should be logged out of both the application and provider (the default is false indicating they will only be logged out of the application)</value>
</data>
</root>

27
Oqtane.Server/Pages/Logout.cshtml.cs
View File

@ -1,5 +1,8 @@
using System.Collections.Generic;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.RazorPages;
@ -8,6 +11,7 @@ using Oqtane.Extensions;
using Oqtane.Infrastructure;
using Oqtane.Managers;
using Oqtane.Shared;
using Radzen.Blazor.Markdown;
namespace Oqtane.Pages
{
@ -28,6 +32,9 @@ namespace Oqtane.Pages
public async Task<IActionResult> OnPostAsync(string returnurl, string everywhere)
{
returnurl = (returnurl == null) ? "/" : returnurl;
returnurl = (!returnurl.StartsWith("/")) ? "/" + returnurl : returnurl;
if (HttpContext.User != null)
{
var alias = HttpContext.GetAlias();
@ -43,13 +50,25 @@ namespace Oqtane.Pages
_logger.Log(LogLevel.Information, this, LogFunction.Security, "User Logout For Username {Username}", user.Username);
}
await HttpContext.SignOutAsync(Constants.AuthenticationScheme);
var authenticationProperties = new AuthenticationProperties
{
RedirectUri = returnurl
};
var authenticationSchemes = new List<string>();
authenticationSchemes.Add(Constants.AuthenticationScheme);
if (HttpContext.GetSiteSettings().GetValue("ExternalLogin:ProviderType", "") == AuthenticationProviderTypes.OpenIDConnect &&
HttpContext.GetSiteSettings().GetValue("ExternalLogin:SingleLogout", "false") == "true")
{
authenticationSchemes.Add(AuthenticationProviderTypes.OpenIDConnect);
}
returnurl = (returnurl == null) ? "/" : returnurl;
returnurl = (!returnurl.StartsWith("/")) ? "/" + returnurl : returnurl;
return SignOut(authenticationProperties, authenticationSchemes.ToArray());
}
else
{
return LocalRedirect(Url.Content("~" + returnurl));
}
}
}
}