pluralized post-logout redirect URI on client, closes #654

openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java

@@ -118,7 +118,7 @@ public class ClientDetailsEntity implements ClientDetails {
 	private Set<String> defaultACRvalues; // default_acr_values
 
 	private String initiateLoginUri; // initiate_login_uri
-	private String postLogoutRedirectUri; // post_logout_redirect_uri
+	private Set<String> postLogoutRedirectUris; // post_logout_redirect_uris
 
 	private Set<String> requestUris; // request_uris
 
@@ -983,17 +983,21 @@ public class ClientDetailsEntity implements ClientDetails {
 	/**
 	 * @return the postLogoutRedirectUri
 	 */
-	@Basic
+	@ElementCollection(fetch = FetchType.EAGER)
+	@CollectionTable(
+			name="client_post_logout_redirect_uri",
+			joinColumns=@JoinColumn(name="owner_id")
+			)
 	@Column(name="post_logout_redirect_uri")
-	public String getPostLogoutRedirectUri() {
-		return postLogoutRedirectUri;
+	public Set<String> getPostLogoutRedirectUris() {
+		return postLogoutRedirectUris;
 	}
 
 	/**
 	 * @param postLogoutRedirectUri the postLogoutRedirectUri to set
 	 */
-	public void setPostLogoutRedirectUri(String postLogoutRedirectUri) {
-		this.postLogoutRedirectUri = postLogoutRedirectUri;
+	public void setPostLogoutRedirectUris(Set<String> postLogoutRedirectUri) {
+		this.postLogoutRedirectUris = postLogoutRedirectUri;
 	}
 
 	/**

openid-connect-common/src/main/java/org/mitre/oauth2/model/RegisteredClient.java

@@ -549,17 +549,17 @@ public class RegisteredClient {
 	}
 	/**
 	 * @return
-	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getPostLogoutRedirectUri()
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#getPostLogoutRedirectUris()
 	 */
-	public String getPostLogoutRedirectUri() {
-		return client.getPostLogoutRedirectUri();
+	public Set<String> getPostLogoutRedirectUris() {
+		return client.getPostLogoutRedirectUris();
 	}
 	/**
 	 * @param postLogoutRedirectUri
-	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setPostLogoutRedirectUri(java.lang.String)
+	 * @see org.mitre.oauth2.model.ClientDetailsEntity#setPostLogoutRedirectUris(java.lang.String)
 	 */
-	public void setPostLogoutRedirectUri(String postLogoutRedirectUri) {
-		client.setPostLogoutRedirectUri(postLogoutRedirectUri);
+	public void setPostLogoutRedirectUris(Set<String> postLogoutRedirectUri) {
+		client.setPostLogoutRedirectUris(postLogoutRedirectUri);
 	}
 	/**
 	 * @return

openid-connect-common/src/main/java/org/mitre/openid/connect/ClientDetailsEntityJsonProcessor.java

@@ -137,7 +137,7 @@ public class ClientDetailsEntityJsonProcessor {
 
 			c.setDefaultACRvalues(getAsStringSet(o, "default_acr_values"));
 			c.setInitiateLoginUri(getAsString(o, "initiate_login_uri"));
-			c.setPostLogoutRedirectUri(getAsString(o, "post_logout_redirect_uri"));
+			c.setPostLogoutRedirectUris(getAsStringSet(o, "post_logout_redirect_uris"));
 			c.setRequestUris(getAsStringSet(o, "request_uris"));
 
 			return c;
@@ -241,7 +241,7 @@ public class ClientDetailsEntityJsonProcessor {
 		o.addProperty("require_auth_time", c.getRequireAuthTime());
 		o.add("default_acr_values", getAsArray(c.getDefaultACRvalues()));
 		o.addProperty("initiate_login_uri", c.getInitiateLoginUri());
-		o.addProperty("post_logout_redirect_uri", c.getPostLogoutRedirectUri());
+		o.add("post_logout_redirect_uris", getAsArray(c.getPostLogoutRedirectUris()));
 		o.add("request_uris", getAsArray(c.getRequestUris()));
 		return o;
 	}

openid-connect-server-webapp/src/main/resources/db/tables/hsql_database_tables.sql

@@ -122,6 +122,11 @@ CREATE TABLE IF NOT EXISTS client_request_uri (
 	request_uri VARCHAR(2000)
 );
 
+CREATE TABLE IF NOT EXISTS client_post_logout_redirect_uri (
+	owner_id BIGINT,
+	post_logout_redirect_uri VARCHAR(2000)
+);
+
 CREATE TABLE IF NOT EXISTS client_default_acr_value (
 	owner_id BIGINT,
 	default_acr_value VARCHAR(2000)

openid-connect-server-webapp/src/main/resources/db/tables/mysql_database_tables.sql

@@ -137,6 +137,11 @@ CREATE TABLE IF NOT EXISTS client_redirect_uri (
 	redirect_uri VARCHAR(2048) 
 );
 
+CREATE TABLE IF NOT EXISTS client_post_logout_redirect_uri (
+	owner_id BIGINT,
+	post_logout_redirect_uri VARCHAR(2000)
+);
+
 CREATE TABLE IF NOT EXISTS refresh_token (
 	id BIGINT AUTO_INCREMENT PRIMARY KEY,
 	token_value VARCHAR(4096),

openid-connect-server-webapp/src/main/webapp/resources/js/client.js

@@ -70,7 +70,7 @@ var ClientModel = Backbone.Model.extend({
         defaultACRvalues:null,
         
         initiateLoginUri:"",
-        postLogoutRedirectUri:"",
+        postLogoutRedirectUris:[],
         
         requestUris:[],
         
@@ -611,6 +611,7 @@ var ClientFormView = Backbone.View.extend({
         this.contactsCollection = new Backbone.Collection();
         this.defaultAcrValuesCollection = new Backbone.Collection();
         this.requestUrisCollection = new Backbone.Collection();
+        this.postLogoutRedirectUrisCollection = new Backbone.Collection();
         // TODO: add Spring authorities collection and resource IDs collection?
         
         // collection of sub-views that need to be sync'd on save
@@ -904,7 +905,7 @@ var ClientFormView = Backbone.View.extend({
             responseTypes: responseTypes,
             sectorIdentifierUri: $('#sectorIdentifierUri input').val(),
             initiateLoginUri: $('#initiateLoginUri input').val(),
-            postLogoutRedirectUri: $('#postLogoutRedirectUri input').val(),
+            postLogoutRedirectUris: this.postLogoutRedirectUrisCollection.pluck('item'),
             reuseRefreshToken: $('#reuseRefreshToken').is(':checked'),
             requireAuthTime: $('#requireAuthTime input').is(':checked'),
             defaultMaxAge: parseInt($('#defaultMaxAge input').val()),
@@ -1039,6 +1040,18 @@ var ClientFormView = Backbone.View.extend({
         $("#contacts .controls", this.el).html(contactsView.render().el);
         this.listWidgetViews.push(contactsView);
         
+        // build and bind post-logout redirect URIs
+        _.each(this.model.get('postLogoutRedirectUris'), function(postLogoutRedirectUri) {
+        	_self.postLogoutRedirectUrisCollection.add(new URIModel({item:postLogoutRedirectUri}));
+        });
+        
+        var postLogoutRedirectUrisView = new ListWidgetView({
+        	type: 'uri',
+        	placeholder: 'https://',
+        	helpBlockText: $.t('client.client-form.post-logout-help'),
+        	collection: this.postLogoutRedirectUrisCollection});
+        $('#postLogoutRedirectUri .controls', this.el).html(postLogoutRedirectUrisView.render().el);
+        this.listWidgetViews.push(postLogoutRedirectUrisView);
         
         // build and bind request URIs
         _.each(this.model.get('requestUris'), function (requestUri) {

openid-connect-server-webapp/src/main/webapp/resources/template/client.html

@@ -703,8 +703,6 @@
 			<div class="control-group" id="postLogoutRedirectUri">
 				<label class="control-label"><span class="label label-default nyi"><i class="icon-road icon-white"></i> NYI </span> <span data-i18n="client.client-form.post-logout">Post-Logout Redirect</span></label>
 				<div class="controls">
-					<input placeholder="https://" value="<%-postLogoutRedirectUri%>" maxlength="1000" type="text" class=""/>
-					<p class="help-block" data-i18n="client.client-form.post-logout-help">URL to redirect the client to after a logout operation</p>
 				</div>
 			</div>
 

openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_2.java

@@ -398,7 +398,7 @@ public class MITREidDataService_1_2 extends MITREidDataService_1_X {
                 writer.name("defaultACRValues");
                 writeNullSafeArray(writer, client.getDefaultACRvalues());
                 writer.name("intitateLoginUri").value(client.getInitiateLoginUri());
-                writer.name("postLogoutRedirectUri").value(client.getPostLogoutRedirectUri());
+                writer.name("postLogoutRedirectUri").value(client.getPostLogoutRedirectUris());
                 writer.name("requestUris");
                 writeNullSafeArray(writer, client.getRequestUris());
                 writer.name("description").value(client.getClientDescription());
@@ -1022,7 +1022,7 @@ public class MITREidDataService_1_2 extends MITREidDataService_1_X {
                         } else if (name.equals("initiateLoginUri")) {
                             client.setInitiateLoginUri(reader.nextString());
                         } else if (name.equals("postLogoutRedirectUri")) {
-                            client.setPostLogoutRedirectUri(reader.nextString());
+                            client.setPostLogoutRedirectUris(reader.nextString());
                         } else if (name.equals("requestUris")) {
                             Set<String> requestUris = readSet(reader);
                             client.setRequestUris(requestUris);

openid-connect-server/src/main/java/org/mitre/openid/connect/web/ProtectedResourceRegistrationEndpoint.java

@@ -147,7 +147,7 @@ public class ProtectedResourceRegistrationEndpoint {
 			newClient.setIdTokenEncryptedResponseEnc(null);
 			newClient.setIdTokenSignedResponseAlg(null);
 			newClient.setInitiateLoginUri(null);
-			newClient.setPostLogoutRedirectUri(null);
+			newClient.setPostLogoutRedirectUris(null);
 			newClient.setRequestObjectSigningAlg(null);
 			newClient.setRequireAuthTime(null);
 			newClient.setReuseRefreshToken(false);
@@ -314,7 +314,7 @@ public class ProtectedResourceRegistrationEndpoint {
 			newClient.setIdTokenEncryptedResponseEnc(null);
 			newClient.setIdTokenSignedResponseAlg(null);
 			newClient.setInitiateLoginUri(null);
-			newClient.setPostLogoutRedirectUri(null);
+			newClient.setPostLogoutRedirectUris(null);
 			newClient.setRequestObjectSigningAlg(null);
 			newClient.setRequireAuthTime(null);
 			newClient.setReuseRefreshToken(false);