diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java
index 5b885bbe2..4c02a2a5f 100644
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java
@@ -118,7 +118,7 @@ public class ClientDetailsEntity implements ClientDetails {
 private Set defaultACRvalues; // default_acr_values
 private String initiateLoginUri; // initiate_login_uri
- private String postLogoutRedirectUri; // post_logout_redirect_uri
+ private Set postLogoutRedirectUris; // post_logout_redirect_uris
 private Set requestUris; // request_uris
@@ -983,17 +983,21 @@ public class ClientDetailsEntity implements ClientDetails {
 /**
 * @return the postLogoutRedirectUri
 */
- @Basic
+ @ElementCollection(fetch = FetchType.EAGER)
+ @CollectionTable(
+ name="client_post_logout_redirect_uri",
+ joinColumns=@JoinColumn(name="owner_id")
+ )
 @Column(name="post_logout_redirect_uri")
- public String getPostLogoutRedirectUri() {
- return postLogoutRedirectUri;
+ public Set getPostLogoutRedirectUris() {
+ return postLogoutRedirectUris;
 }
 /**
 * @param postLogoutRedirectUri the postLogoutRedirectUri to set
 */
- public void setPostLogoutRedirectUri(String postLogoutRedirectUri) {
- this.postLogoutRedirectUri = postLogoutRedirectUri;
+ public void setPostLogoutRedirectUris(Set postLogoutRedirectUri) {
+ this.postLogoutRedirectUris = postLogoutRedirectUri;
 }
 /**
diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/RegisteredClient.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/RegisteredClient.java
index 50a2cd3d1..c42ff160f 100644
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/RegisteredClient.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/RegisteredClient.java
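Review bot: The accessor Javadoc in the second hunk (`-983,17 +983,21`) still reads `@return the postLogoutRedirectUri` and `@param postLogoutRedirectUri the postLogoutRedirectUri to set`, and the setter parameter keeps its singular name although it now carries a set. These values are the URIs a client may be sent to after logout, so the comment should say so, e.g. `@return the URIs registered for this client as post-logout redirect targets`. The parameter would then be renamed to `postLogoutRedirectUris` with a matching `@param` tag.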
@@ -549,17 +549,17 @@ public class RegisteredClient {
 }
 /**
 * @return
- * @see org.mitre.oauth2.model.ClientDetailsEntity#getPostLogoutRedirectUri()
+ * @see org.mitre.oauth2.model.ClientDetailsEntity#getPostLogoutRedirectUris()
 */
- public String getPostLogoutRedirectUri() {
- return client.getPostLogoutRedirectUri();
+ public Set getPostLogoutRedirectUris() {
+ return client.getPostLogoutRedirectUris();
 }
 /**
 * @param postLogoutRedirectUri
- * @see org.mitre.oauth2.model.ClientDetailsEntity#setPostLogoutRedirectUri(java.lang.String)
+ * @see org.mitre.oauth2.model.ClientDetailsEntity#setPostLogoutRedirectUris(java.lang.String)
 */
- public void setPostLogoutRedirectUri(String postLogoutRedirectUri) {
- client.setPostLogoutRedirectUri(postLogoutRedirectUri);
+ public void setPostLogoutRedirectUris(Set postLogoutRedirectUri) {
+ client.setPostLogoutRedirectUris(postLogoutRedirectUri);
 }
 /**
 * @return
diff --git a/openid-connect-common/src/main/java/org/mitre/openid/connect/ClientDetailsEntityJsonProcessor.java b/openid-connect-common/src/main/java/org/mitre/openid/connect/ClientDetailsEntityJsonProcessor.java
index fe3f09368..2a4418a4d 100644
--- a/openid-connect-common/src/main/java/org/mitre/openid/connect/ClientDetailsEntityJsonProcessor.java
+++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/ClientDetailsEntityJsonProcessor.java
@@ -137,7 +137,7 @@ public class ClientDetailsEntityJsonProcessor {
 c.setDefaultACRvalues(getAsStringSet(o, "default_acr_values"));
 c.setInitiateLoginUri(getAsString(o, "initiate_login_uri"));
- c.setPostLogoutRedirectUri(getAsString(o, "post_logout_redirect_uri"));
+ c.setPostLogoutRedirectUris(getAsStringSet(o, "post_logout_redirect_uris"));
 c.setRequestUris(getAsStringSet(o, "request_uris"));
 return c;
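Review bot: The updated `@see` on the setter in the RegisteredClient hunk points at `ClientDetailsEntity#setPostLogoutRedirectUris(java.lang.String)`, but the method this commit introduces takes a `Set`, so the Javadoc link will not resolve. It should read `@see org.mitre.oauth2.model.ClientDetailsEntity#setPostLogoutRedirectUris(java.util.Set)`. The parameter name `postLogoutRedirectUri` and its `@param` tag are still singular and could be pluralised in the same pass.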
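Review bot: The parse path in ClientDetailsEntityJsonProcessor (`-137,7 +137,7`) now reads only `post_logout_redirect_uris`, so a client document that still carries the old `post_logout_redirect_uri` string appears to be accepted with that value silently dropped. The serialising hunk at `-241,7 +241,7` has the mirror-image effect for consumers that expect the old key. If older payloads are expected, a fallback to the old key or an explicit rejection would make the behaviour visible. These entries come from client-supplied JSON and become redirect targets after logout; no validation is visible here, so it presumably happens in the calling endpoints, and it is worth confirming that it is applied to each entry of the set. The enclosing method starts and ends outside the hunk.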
@@ -241,7 +241,7 @@ public class ClientDetailsEntityJsonProcessor {
 o.addProperty("require_auth_time", c.getRequireAuthTime());
 o.add("default_acr_values", getAsArray(c.getDefaultACRvalues()));
 o.addProperty("initiate_login_uri", c.getInitiateLoginUri());
- o.addProperty("post_logout_redirect_uri", c.getPostLogoutRedirectUri());
+ o.add("post_logout_redirect_uris", getAsArray(c.getPostLogoutRedirectUris()));
 o.add("request_uris", getAsArray(c.getRequestUris()));
 return o;
 }
diff --git a/openid-connect-server-webapp/src/main/resources/db/tables/hsql_database_tables.sql b/openid-connect-server-webapp/src/main/resources/db/tables/hsql_database_tables.sql
index 50cc80161..c663f5021 100644
--- a/openid-connect-server-webapp/src/main/resources/db/tables/hsql_database_tables.sql
+++ b/openid-connect-server-webapp/src/main/resources/db/tables/hsql_database_tables.sql
@@ -122,6 +122,11 @@ CREATE TABLE IF NOT EXISTS client_request_uri (
 request_uri VARCHAR(2000)
 );
+CREATE TABLE IF NOT EXISTS client_post_logout_redirect_uri (
+ owner_id BIGINT,
+ post_logout_redirect_uri VARCHAR(2000)
+);
+
 CREATE TABLE IF NOT EXISTS client_default_acr_value (
 owner_id BIGINT,
 default_acr_value VARCHAR(2000)
diff --git a/openid-connect-server-webapp/src/main/resources/db/tables/mysql_database_tables.sql b/openid-connect-server-webapp/src/main/resources/db/tables/mysql_database_tables.sql
index f90feda7a..e6afeed19 100644
--- a/openid-connect-server-webapp/src/main/resources/db/tables/mysql_database_tables.sql
+++ b/openid-connect-server-webapp/src/main/resources/db/tables/mysql_database_tables.sql
@@ -137,6 +137,11 @@ CREATE TABLE IF NOT EXISTS client_redirect_uri (
 redirect_uri VARCHAR(2048)
 );
+CREATE TABLE IF NOT EXISTS client_post_logout_redirect_uri (
+ owner_id BIGINT,
+ post_logout_redirect_uri VARCHAR(2000)
+);
+
 CREATE TABLE IF NOT EXISTS refresh_token (
 id BIGINT AUTO_INCREMENT PRIMARY KEY,
 token_value VARCHAR(4096),
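Review bot: In the MySQL script the new column is `post_logout_redirect_uri VARCHAR(2000)`, while the `client_redirect_uri` table directly above it in the same hunk uses `redirect_uri VARCHAR(2048)`. Unless the difference is intended, `post_logout_redirect_uri VARCHAR(2048)` would keep the two URI limits aligned in that file. Both this hunk and the HSQL one only add `CREATE TABLE IF NOT EXISTS`, so an existing deployment gets an empty table. Nothing visible here copies the values held in the former single-valued column, so clients would lose their registered post-logout target on upgrade unless a migration script exists elsewhere.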
diff --git a/openid-connect-server-webapp/src/main/webapp/resources/js/client.js b/openid-connect-server-webapp/src/main/webapp/resources/js/client.js
index 790f5d3f7..cbcd79f26 100644
--- a/openid-connect-server-webapp/src/main/webapp/resources/js/client.js
+++ b/openid-connect-server-webapp/src/main/webapp/resources/js/client.js
@@ -70,7 +70,7 @@ var ClientModel = Backbone.Model.extend({
 defaultACRvalues:null,
 initiateLoginUri:"",
- postLogoutRedirectUri:"",
+ postLogoutRedirectUris:[],
 requestUris:[],
@@ -611,6 +611,7 @@ var ClientFormView = Backbone.View.extend({
 this.contactsCollection = new Backbone.Collection();
 this.defaultAcrValuesCollection = new Backbone.Collection();
 this.requestUrisCollection = new Backbone.Collection();
+ this.postLogoutRedirectUrisCollection = new Backbone.Collection();
 // TODO: add Spring authorities collection and resource IDs collection?
 // collection of sub-views that need to be sync'd on save
@@ -904,7 +905,7 @@ var ClientFormView = Backbone.View.extend({
 responseTypes: responseTypes,
 sectorIdentifierUri: $('#sectorIdentifierUri input').val(),
 initiateLoginUri: $('#initiateLoginUri input').val(),
- postLogoutRedirectUri: $('#postLogoutRedirectUri input').val(),
+ postLogoutRedirectUris: this.postLogoutRedirectUrisCollection.pluck('item'),
 reuseRefreshToken: $('#reuseRefreshToken').is(':checked'),
 requireAuthTime: $('#requireAuthTime input').is(':checked'),
 defaultMaxAge: parseInt($('#defaultMaxAge input').val()),
@@ -1039,6 +1040,18 @@ var ClientFormView = Backbone.View.extend({
 $("#contacts .controls", this.el).html(contactsView.render().el);
 this.listWidgetViews.push(contactsView);
+ // build and bind post-logout redirect URIs
+ _.each(this.model.get('postLogoutRedirectUris'), function(postLogoutRedirectUri) {
+ _self.postLogoutRedirectUrisCollection.add(new URIModel({item:postLogoutRedirectUri}));
+ });
+
+ var postLogoutRedirectUrisView = new ListWidgetView({
+ type: 'uri',
+ placeholder: 'https://',
+ helpBlockText: $.t('client.client-form.post-logout-help'),
+ collection: this.postLogoutRedirectUrisCollection});
+ $('#postLogoutRedirectUri .controls', this.el).html(postLogoutRedirectUrisView.render().el);
+ this.listWidgetViews.push(postLogoutRedirectUrisView);
 // build and bind request URIs
 _.each(this.model.get('requestUris'), function (requestUri) {
diff --git a/openid-connect-server-webapp/src/main/webapp/resources/template/client.html b/openid-connect-server-webapp/src/main/webapp/resources/template/client.html
index 5a5df66f7..e78ed0d53 100644
--- a/openid-connect-server-webapp/src/main/webapp/resources/template/client.html
+++ b/openid-connect-server-webapp/src/main/webapp/resources/template/client.html
@@ -703,8 +703,6 @@
- -

URL to redirect the client to after a logout operation

diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_2.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_2.java
index 1b6d32b83..25d4e6363 100644
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_2.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_2.java
@@ -398,7 +398,7 @@ public class MITREidDataService_1_2 extends MITREidDataService_1_X {
 writer.name("defaultACRValues");
 writeNullSafeArray(writer, client.getDefaultACRvalues());
 writer.name("intitateLoginUri").value(client.getInitiateLoginUri());
- writer.name("postLogoutRedirectUri").value(client.getPostLogoutRedirectUri());
+ writer.name("postLogoutRedirectUri").value(client.getPostLogoutRedirectUris());
 writer.name("requestUris");
 writeNullSafeArray(writer, client.getRequestUris());
 writer.name("description").value(client.getClientDescription());
@@ -1022,7 +1022,7 @@ public class MITREidDataService_1_2 extends MITREidDataService_1_X {
 } else if (name.equals("initiateLoginUri")) {
 client.setInitiateLoginUri(reader.nextString());
 } else if (name.equals("postLogoutRedirectUri")) {
- client.setPostLogoutRedirectUri(reader.nextString());
+ client.setPostLogoutRedirectUris(reader.nextString());
 } else if (name.equals("requestUris")) {
 Set requestUris = readSet(reader);
 client.setRequestUris(requestUris);
diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ProtectedResourceRegistrationEndpoint.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ProtectedResourceRegistrationEndpoint.java
index 7dfa73a9b..ea54e4f09 100644
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ProtectedResourceRegistrationEndpoint.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ProtectedResourceRegistrationEndpoint.java
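Review bot: Both changed lines in MITREidDataService_1_2 mismatch the new `Set` type. The export hunk hands `client.getPostLogoutRedirectUris()` to a scalar `.value(...)` call, and the import hunk at `-1022,7 +1022,7` passes `reader.nextString()` to `setPostLogoutRedirectUris`, which this commit changes to take a `Set`. The neighbouring `requestUris` lines show the pattern to follow: `writer.name("postLogoutRedirectUri"); writeNullSafeArray(writer, client.getPostLogoutRedirectUris());` on export and `client.setPostLogoutRedirectUris(readSet(reader));` on import. If exports written before this change must still load, the import branch would also need to accept a single string value under that key. Both enclosing methods start and end outside the hunks.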
@@ -147,7 +147,7 @@ public class ProtectedResourceRegistrationEndpoint {
 newClient.setIdTokenEncryptedResponseEnc(null);
 newClient.setIdTokenSignedResponseAlg(null);
 newClient.setInitiateLoginUri(null);
- newClient.setPostLogoutRedirectUri(null);
+ newClient.setPostLogoutRedirectUris(null);
 newClient.setRequestObjectSigningAlg(null);
 newClient.setRequireAuthTime(null);
 newClient.setReuseRefreshToken(false);
@@ -314,7 +314,7 @@ public class ProtectedResourceRegistrationEndpoint {
 newClient.setIdTokenEncryptedResponseEnc(null);
 newClient.setIdTokenSignedResponseAlg(null);
 newClient.setInitiateLoginUri(null);
- newClient.setPostLogoutRedirectUri(null);
+ newClient.setPostLogoutRedirectUris(null);
 newClient.setRequestObjectSigningAlg(null);
 newClient.setRequireAuthTime(null);
 newClient.setReuseRefreshToken(false);