Open btsherid opened 1 week ago
I'll have to look into it. It sounds like a bug. I take it that you're not using OIDC?
Correct. We have historically been using LDAP but just switched to Shibboleth this morning.
I'll take a look. My guess is it's meant to be an OIDC thing so it takes some liberties. How can you logout with Shibboleth? I mean did you have to create a /logout
Location or similar?
When we install Shibboleth, it creates the necessary Apache Locations. So when it comes to OnDemand, I just have to specify /logout to redirect to /Shibboleth.sso/Logout
OK - if you already have the route - I wonder if you need the ood_portal.yml
config at all. I mean, if it's on your menu as /Shibboleth.sso/Logout
do you need the redirect?
I think that would be fine, but I don't know how to configure that. The logout button on the dashboard currently points to /logout. If I could change that to /Shibboleth.sso/Logout, then yes, I wouldn't need to worry about the redirect.
🤦♂️ yes you appear to be right. It looks to be hard coded.
Here's what you can do in the interim that will survive upgrades (i.e., you're not modifying the source code that'll get overwritten when you update, you're supplying a config that won't be touched when you upgrade).
Take this file that I've linked (or copy the file you have on your system) and follow this documentation here. The documentation's example is about supplying a new footer, but the message is the same - you want to supply a new partial for this navigation bar entry and change the href
to /Shibboleth.sso/Logout
.
https://osc.github.io/ood-documentation/latest/customizations.html#overriding-pages
OK, so the URL is hard coded which makes that option more difficult.
The other option is to get /opt/ood/ood-portal-generator/sbin/update_ood_portal
to correctly update the redirect. Any ideas on that? I tested and logout_uri correctly updates the Apache file, but logout_redirect does not.
Thanks, Brendan
OK, so the URL is hard coded which makes that option more difficult.
It's hard coded in the partial we ship. You can override the partial we ship to correct it. I think this is your best route because it's upgrade safe.
You've likely found a bug which means any updates you make are going to get wiped out when you upgrade, or worse create new bugs.
Got it. I was able to override the partial and set the login button to the correct URL.
Hi,
I'm having an issue where the update_ood_portal script is not updating the logout_redirect directive in the Apache configuration.
This is how I expect things to work:
/etc/ood/config/ood_portal.yml
/opt/ood/ood-portal-generator/sbin/update_ood_portal
runs without errorsRedirect "/logout"
line in/etc/httpd/conf.d/ood-portal.conf
should update to match what is configured for logout_redirect in/etc/httpd/conf.d/ood-portal.conf
What I'm actually seeing:
/etc/ood/config/ood_portal.yml
/opt/ood/ood-portal-generator/sbin/update_ood_portal
runs without errorsRedirect "/logout"
line in/etc/httpd/conf.d/ood-portal.conf
is alwaysRedirect "/logout" "/oidc?logout=https%3A%2F%2F\<\<server FQDN>>"
The end result is that the logout button does not work until I manually edit the
Redirect "/logout"
line in/etc/httpd/conf.d/ood-portal.conf
and restart httpd. So my logout button is currently working using the manual edit workaround, but I know that is not the recommended way to update this.I do not seem to have this issue with any other directive in
/etc/ood/config/ood_portal.yml