Oidc features

front/logout.php

@@ -83,6 +83,7 @@
       $oidc_db['ClientID'] = $iterator['ClientID'];
       $oidc_db['ClientSecret'] = $iterator['ClientSecret'];
       $oidc_db['scope'] = explode(',', addslashes($iterator['scope']));
+      $oidc_db['logout'] = empty($iterator['logout']) ? null : $iterator['logout'];
    }
 
    if (isset($oidc_db)) {
@@ -92,7 +93,7 @@
       Session::destroy();
       Auth::setRememberMeCookie('');
 
-      $oidc->signOut($sid, $CFG_GLPI["url_base"]."/index.php".$toADD);
+      $oidc->signOut($sid, $oidc_db['logout'] ?? $CFG_GLPI["url_base"]."/index.php".$toADD);
    }
 }
 

inc/auth.class.php

@@ -1671,21 +1671,23 @@ static function showAuthOIDCConfig() {
             'is_forced'  => $_POST["forceoidc"],
             'scope'  => $_POST["scope"],
             'proxy'  => $_POST["proxy"],
-            'cert'  => $_POST["cert"]
+            'cert'  => $_POST["cert"],
+            'logout'  => $_POST["logout"],
          ];
         $DB->updateOrInsert("glpi_oidc_config", $oidc_result, ['id'   => 0]);
       }
       $criteria = "SELECT * FROM glpi_oidc_config";
       $iterators = $DB->request($criteria);
       foreach($iterators as $iterator) {
-          $oidc_db['Provider'] = $iterator['Provider'];
-          $oidc_db['ClientID'] = $iterator['ClientID'];
-          $oidc_db['ClientSecret'] = $iterator['ClientSecret'];
-          $oidc_db['is_activate'] = $iterator['is_activate'];
-          $oidc_db['is_forced'] = $iterator['is_forced'];
-          $oidc_db['scope'] = $iterator['scope'];
-          $oidc_db['proxy'] = $iterator['proxy'];
-          $oidc_db['cert'] = $iterator['cert'];
+         $oidc_db['Provider'] = $iterator['Provider'];
+         $oidc_db['ClientID'] = $iterator['ClientID'];
+         $oidc_db['ClientSecret'] = $iterator['ClientSecret'];
+         $oidc_db['is_activate'] = $iterator['is_activate'];
+         $oidc_db['is_forced'] = $iterator['is_forced'];
+         $oidc_db['scope'] = $iterator['scope'];
+         $oidc_db['proxy'] = $iterator['proxy'];
+         $oidc_db['cert'] = $iterator['cert'];
+         $oidc_db['logout'] = $iterator['logout'];
       }
 
 
@@ -1769,6 +1771,15 @@ static function showAuthOIDCConfig() {
        echo "<input type='text' id='cert' name='cert' placeholder='/path/to/my.cert'>";
    }
       echo "</td></tr>";
+
+      echo "<tr class='tab_bg_1'>";
+      echo "<td>" . __('Logout URL') . "</td>";
+      echo "<td>";
+   if (isset($oidc_db['logout'])) {
+       echo "<input type='text' id='logout' name='logout'value=". str_replace(' ', '', $oidc_db['logout']) .">";
+   } else {
+       echo "<input type='text' id='logout' name='logout' placeholder='https://logout.url'>";
+   }
 
       echo "<tr class='tab_bg_2'><td class='center' colspan='4'>";
       echo "<input type='submit' name='update' class='submit' value=\"".__s('Save')."\">" . '&nbsp;';

inc/oidc.class.php

@@ -144,6 +144,12 @@ static function auth()
       }
 
       if (!$user->getFromDB($ID)) {
+         Html::nullHeader("Login", $CFG_GLPI["root_doc"] . '/index.php');
+         echo '<div class="center b">';
+         echo __('Could not access user from mappings');
+         echo '<p><a href="' . $CFG_GLPI['root_doc'] . "/index.php" . '">' . __('Log in again') . '</a></p>';
+         echo '</div>';
+         Html::nullFooter();
          die;
       }
 

inc/update.class.php

@@ -530,6 +530,8 @@ public function doUpdates($current_version = null) {
              update150to151();
 
          case "1.6.0":
+            include_once "{$updir}itsm_update_160_161.php";
+            update160to161();
             continue;
 
          case ITSM_VERSION:

index.php

@@ -122,8 +122,9 @@
    }
 
    if (isset($is_activate) && $is_activate) {
-      if ($is_forced && !isset($_GET["noAUTO"]))
-         Html::redirect("front/oidc.php");
+      if ($is_forced && !isset($_GET["noAUTO"])) {
+         Html::redirect("front/oidc.php" . (isset($_GET['redirect']) ? "?redirect=".Html::entities_deep($_GET['redirect']) : ""));
+      }
       echo "<form method='post' action='./index.php'>";
       if (isset($_GET['redirect'])) {
          echo "<input type='hidden' name='redirect' value='".Html::entities_deep($_GET['redirect'])."'/>";

install/itsm_update_160_161.php

@@ -0,0 +1,55 @@
+<?php
+/**
+ * ---------------------------------------------------------------------
+ * ITSM-NG
+ * Copyright (C) 2022 ITSM-NG and contributors.
+ *
+ * https://www.itsm-ng.org
+ *
+ * based on GLPI - Gestionnaire Libre de Parc Informatique
+ * Copyright (C) 2003-2014 by the INDEPNET Development Team.
+ *
+ * ---------------------------------------------------------------------
+ *
+ * LICENSE
+ *
+ * This file is part of ITSM-NG.
+ *
+ * ITSM-NG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * ITSM-NG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with ITSM-NG. If not, see <http://www.gnu.org/licenses/>.
+ * ---------------------------------------------------------------------
+ */
+
+/**
+ * Update ITSM-NG from 1.6.0 to 1.6.1
+ *
+ * @return bool for success (will die for most error)
+ **/
+function update160to161() {
+    /** @global Migration $migration */
+    global $DB, $migration;
+
+    $updateresult     = true;
+
+    $migration->displayTitle(sprintf(__('Update to %s'), '1.6.1'));
+    $migration->setVersion('1.6.1');
+
+    if(!$DB->fieldExists('glpi_oidc_config', 'logout')) {
+        $query = "ALTER TABLE `glpi_oidc_config` ADD COLUMN (`logout` varchar(255) DEFAULT NULL)";
+        $DB->queryOrDie($query, "erreur lors de la mise a jour de la table de glpi_oidc_config".$DB->error());
+    }
+
+    // ************ Keep it at the end **************
+    $migration->executeMigration();
+    return $updateresult;
+}

install/mysql/glpi-empty.sql

@@ -8222,6 +8222,7 @@ CREATE TABLE IF NOT EXISTS `glpi_oidc_config` (
         `ClientSecret` varchar(255) DEFAULT NULL,
         `proxy` varchar(255) DEFAULT NULL,
         `cert` varchar(255) DEFAULT NULL,
+        `logout` varchar(255) DEFAULT NULL,
         `is_activate`   TINYINT(1) NOT NULL DEFAULT 0,
         `is_forced`   TINYINT(1) NOT NULL DEFAULT 0,
         `scope` varchar(255) DEFAULT NULL,

locales/fr_FR.po

@@ -23555,3 +23555,11 @@ msgstr "Changer le zoom"
 #: inc/profile.class.php:1771
 msgid "Use shortcuts"
 msgstr "Utiliser les raccourcis"
+
+#: inc/auth.class.php:1776
+msgid "Logout URL"
+msgstr "URL de déconnexion"
+
+#: inc/oidc.class.php:149
+msgid "Could not access user from mappings"
+msgstr "Impossible d'accéder à l'utilisateur depuis les mappages"

locales/glpi.pot

@@ -22955,4 +22955,16 @@ msgstr ""
 
 #: inc/auth.class.php:1732
 msgid "Mapping"
+msgstr ""
+
+#: inc/auth.class.php:1732
+msgid "Mapping"
+msgstr ""
+
+#: inc/auth.class.php:1776
+msgid "Logout URL"
+msgstr ""
+
+#: inc/oidc.class.php:149
+msgid "Could not access user from mappings"
 msgstr ""