BA23AC

Reputation: 48

How To properly OIDC Logout in WSO2 IS

I am trying to log out from an application that is using OIDC for authentication. Once I am logged in I cannot log out: when I head to /logout I am not seeing the consent page that I am used to seeing when logging out from the WSO2 Console application (I haven't disabled it, so it should appear to confirm the logout). After that I am redirected to the /login page, in which I am not required to insert credentials and all I have to do is click allow on the consent.

Config security class:

import java.net.URI;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.oauth2.client.oidc.web.logout.OidcClientInitiatedLogoutSuccessHandler;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;

@Configuration
@EnableWebSecurity
public class ConfigSecurity extends WebSecurityConfigurerAdapter {

    @Autowired
    private ClientRegistrationRepository clientRegistrationRepository;

    @Override
    protected void configure(HttpSecurity http) throws Exception {

        http.authorizeRequests()
                // Login page and static assets are public; everything else needs a session
                .antMatchers("/login", "/assets/**")
                .permitAll()
                .anyRequest()
                .authenticated()
                .and()
                .oauth2Login().loginPage("/login")
                .and()
                // POST /logout clears the local session, then hands off to the OIDC handler
                .logout().logoutUrl("/logout")
                .logoutSuccessHandler(oidcLogoutSuccessHandler());

    }

    private LogoutSuccessHandler oidcLogoutSuccessHandler() {

        // RP-initiated logout: redirects the browser to the provider's end_session_endpoint
        // (taken from the client registration's provider metadata) after the local logout
        OidcClientInitiatedLogoutSuccessHandler oidcLogoutSuccessHandler =
                new OidcClientInitiatedLogoutSuccessHandler(
                        this.clientRegistrationRepository);
        // Where the provider should send the browser once its own session is ended
        oidcLogoutSuccessHandler.setPostLogoutRedirectUri(URI.create("http://localhost:8844/logout"));
        return oidcLogoutSuccessHandler;
    }
}

Callback URI :

regexp=(http://localhost:8844/login/oauth2/code/wso2|http://localhost:8844/logout)

BackChannel Logout URI : https://localhost:9443/oidc/logout

Application.properties :

server.port=8844
#########
spring.security.oauth2.client.registration.wso2.client-name=WSO2 Identity Server
spring.security.oauth2.client.registration.wso2.client-id=5YvGdwKZaS6pTS_uZhfu_X8sNVYa
spring.security.oauth2.client.registration.wso2.client-secret=hGPrgFnlbuS5N7_srxRenz998h8a
spring.security.oauth2.client.registration.wso2.redirect-uri={baseUrl}/login/oauth2/code/wso2
spring.security.oauth2.client.registration.wso2.authorization-grant-type=authorization_code
spring.security.oauth2.client.registration.wso2.scope=openid

# spring.security.oauth2.client.provider.wso2.issuer-uri=https://localhost:9443/oauth2/oidcdiscovery

#Identity Server Properties
spring.security.oauth2.client.provider.wso2.authorization-uri=https://localhost:9443/oauth2/authorize
spring.security.oauth2.client.provider.wso2.token-uri=https://localhost:9443/oauth2/token
spring.security.oauth2.client.provider.wso2.user-info-uri=https://localhost:9443/oauth2/userinfo
spring.security.oauth2.client.provider.wso2.jwk-set-uri=https://localhost:9443/oauth2/jwks

Can anyone help? Thanks in advance.

Upvotes: 0

Views: 1086

Answers (1)

Piraveena Paralogarajah

Reputation: 1515

The Spring Boot OAuth client derives the OIDC logout endpoint of the IdP from the discovery endpoint. The issue is, from your application properties file, the application could not find the logout endpoint of the IdP. Token endpoint, authorization URL, user-info-uri and jwk-set-uri can be configured separately, but there is no way to configure the logout URL in such a way. Since WSO2 supports OIDC discovery, all the endpoints (token endpoint, authorization URL, user-info-uri and jwk-set-uri URLs, logout endpoint) can be obtained from the issuer-uri property. So remove the token endpoint, authorization URL, user-info-uri and jwk-set-uri configurations and add the issuer-uri config. Apply the below configuration to your properties file and see.

server.port=8844
#########
spring.security.oauth2.client.registration.wso2.client-name=WSO2 Identity Server
spring.security.oauth2.client.registration.wso2.client-id=5YvGdwKZaS6pTS_uZhfu_X8sNVYa
spring.security.oauth2.client.registration.wso2.client-secret=hGPrgFnlbuS5N7_srxRenz998h8a
spring.security.oauth2.client.registration.wso2.redirect-uri={baseUrl}/login/oauth2/code/wso2
spring.security.oauth2.client.registration.wso2.authorization-grant-type=authorization_code
spring.security.oauth2.client.registration.wso2.scope=openid

spring.security.oauth2.client.provider.wso2.issuer-uri=https://localhost:9443/oauth2/token

You can refer to these docs:

https://docs.spring.io/spring-boot/docs/current/reference/html/spring-boot-features.html#boot-features-security-oauth2-client

https://www.baeldung.com/spring-security-openid-connect

Upvotes: 1
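The discovery-based derivation the answer describes, as an added Python illustration that is not Spring's code and not part of the original answer: it loads a constructed WSO2-style discovery document (the real one is served at `{issuer-uri}/.well-known/openid-configuration`), rejects it if the published issuer does not match the configured issuer-uri (the same check Spring applies), and builds the RP-initiated logout URL the way OidcClientInitiatedLogoutSuccessHandler does, falling back to a local target when the metadata carries no end_session_endpoint, which is what happens when only the per-endpoint properties are set. The ID token value is a placeholder.

```python
import json
from urllib.parse import urlencode

# Constructed sample of a WSO2 IS discovery document; only the fields used here
# are included. The end_session_endpoint is what Spring needs to derive the logout URL.
DISCOVERY_JSON = json.dumps({
    "issuer": "https://localhost:9443/oauth2/token",
    "authorization_endpoint": "https://localhost:9443/oauth2/authorize",
    "token_endpoint": "https://localhost:9443/oauth2/token",
    "userinfo_endpoint": "https://localhost:9443/oauth2/userinfo",
    "jwks_uri": "https://localhost:9443/oauth2/jwks",
    "end_session_endpoint": "https://localhost:9443/oidc/logout",
})


def load_provider_metadata(issuer_uri: str, discovery_body: str) -> dict:
    """Parse a discovery document and accept it only if its issuer equals the
    configured issuer-uri, so a mismatched or spoofed document is never trusted."""
    metadata = json.loads(discovery_body)
    if metadata.get("issuer") != issuer_uri:
        raise ValueError(f"issuer mismatch: {metadata.get('issuer')!r} != {issuer_uri!r}")
    return metadata


def manual_provider_metadata(authorization_uri: str, token_uri: str,
                             user_info_uri: str, jwk_set_uri: str) -> dict:
    """Metadata as built from per-endpoint properties alone: no discovery call
    is made, so no end_session_endpoint is ever known to the client."""
    return {
        "authorization_endpoint": authorization_uri,
        "token_endpoint": token_uri,
        "userinfo_endpoint": user_info_uri,
        "jwks_uri": jwk_set_uri,
    }


def rp_initiated_logout_url(metadata: dict, id_token: str,
                            post_logout_redirect_uri: str, default_target: str = "/") -> str:
    """Mirror the handler's decision: with an end_session_endpoint, send the browser
    there with id_token_hint and post_logout_redirect_uri; without one, fall back to
    the local target, which ends only the app session and leaves the IdP session alive."""
    end_session = metadata.get("end_session_endpoint")
    if not end_session:
        return default_target
    query = urlencode({"id_token_hint": id_token,
                       "post_logout_redirect_uri": post_logout_redirect_uri})
    return f"{end_session}?{query}"
```

A logout that returns the local fallback is the symptom in the question: the app forgets the user, but the IdP session survives, so the next login completes without a credential prompt.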
