OSC / ondemand

Supercomputing. Seamlessly. Open, Interactive HPC Via the Web
https://openondemand.org/
MIT License

Logout redirect in ood_portal.yml not updating ood-portal.conf #3883

Open btsherid opened 1 week ago

btsherid commented 1 week ago

Hi,

I'm having an issue where the update_ood_portal script is not updating the logout_redirect directive in the Apache configuration.

This is how I expect things to work:

  1. Edit logout_redirect in /etc/ood/config/ood_portal.yml
  2. /opt/ood/ood-portal-generator/sbin/update_ood_portal runs without errors
  3. The Redirect "/logout" line in /etc/httpd/conf.d/ood-portal.conf should update to match what is configured for logout_redirect in /etc/httpd/conf.d/ood-portal.conf

What I'm actually seeing:

  1. Edit logout_redirect in /etc/ood/config/ood_portal.yml
  2. /opt/ood/ood-portal-generator/sbin/update_ood_portal runs without errors
  3. The Redirect "/logout" line in /etc/httpd/conf.d/ood-portal.conf is always Redirect "/logout" "/oidc?logout=https%3A%2F%2F<<server FQDN>>"

The end result is that the logout button does not work until I manually edit the Redirect "/logout" line in /etc/httpd/conf.d/ood-portal.conf and restart httpd. So my logout button is currently working using the manual edit workaround, but I know that is not the recommended way to update this.

I do not seem to have this issue with any other directive in /etc/ood/config/ood_portal.yml

johrstrom commented 1 week ago

I'll have to look into it. It sounds like a bug. I take it that you're not using OIDC?

btsherid commented 1 week ago

Correct. We have historically been using LDAP but just switched to Shibboleth this morning.

johrstrom commented 1 week ago

I'll take a look. My guess is it's meant to be an OIDC thing so it takes some liberties. How can you logout with Shibboleth? I mean did you have to create a /logout Location or similar?

btsherid commented 1 week ago

When we install Shibboleth, it creates the necessary Apache Locations. So when it comes to OnDemand, I just have to specify /logout to redirect to /Shibboleth.sso/Logout

johrstrom commented 1 week ago

OK - if you already have the route - I wonder if you need the ood_portal.yml config at all. I mean, if it's on your menu as /Shibboleth.sso/Logout do you need the redirect?

btsherid commented 1 week ago

I think that would be fine, but I don't know how to configure that. The logout button on the dashboard currently points to /logout. If I could change that to /Shibboleth.sso/Logout, then yes, I wouldn't need to worry about the redirect.

johrstrom commented 1 week ago

🤦‍♂️ yes you appear to be right. It looks to be hard coded.

https://github.com/OSC/ondemand/blob/4d47b5d28f657114f1ec04c83ceb490d7038de7c/apps/dashboard/app/views/layouts/nav/_log_out.html.erb#L2

Here's what you can do in the interim that will survive upgrades (i.e., you're not modifying the source code that'll get overwritten when you update, you're supplying a config that won't be touched when you upgrade).

Take this file that I've linked (or copy the file you have on your system) and follow this documentation here. The documentation's example is about supplying a new footer, but the message is the same - you want to supply a new partial for this navigation bar entry and change the href to /Shibboleth.sso/Logout.

https://osc.github.io/ood-documentation/latest/customizations.html#overriding-pages

btsherid commented 1 week ago

OK, so the URL is hard coded which makes that option more difficult.

The other option is to get /opt/ood/ood-portal-generator/sbin/update_ood_portal to correctly update the redirect. Any ideas on that? I tested and logout_uri correctly updates the Apache file, but logout_redirect does not.

Thanks, Brendan

johrstrom commented 1 week ago

> OK, so the URL is hard coded which makes that option more difficult.

It's hard coded in the partial we ship. You can override the partial we ship to correct it. I think this is your best route because it's upgrade safe.

You've likely found a bug which means any updates you make are going to get wiped out when you upgrade, or worse create new bugs.

btsherid commented 1 week ago

Got it. I was able to override the partial and set the login button to the correct URL.
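
An added example, not part of the thread and not OnDemand's own code: a shell check that compares logout_redirect in ood_portal.yml with the Redirect "/logout" target in the generated Apache config, so drift like that reported above is caught after each update_ood_portal run instead of by a logout button that fails. The sample file contents and the hostname ood.example.org are constructed, and the parsing assumes a simple top-level "logout_redirect: value" line.

```shell
#!/usr/bin/env bash
# Added example: detect drift between logout_redirect in ood_portal.yml and
# the Redirect "/logout" line in the generated ood-portal.conf.

# Print the logout_redirect value (top-level scalar only; assumption),
# stripping a trailing comment and surrounding quotes. Commented-out keys are ignored.
yaml_logout_redirect() {
  sed -n -E 's/^logout_redirect:[[:space:]]*//p' "$1" | head -n 1 |
    sed -E 's/[[:space:]]+#.*$//; s/[[:space:]]+$//; s/^"(.*)"$/\1/; s/^'\''(.*)'\''$/\1/'
}

# Print the target of the first Redirect "/logout" directive in an Apache config.
apache_logout_target() {
  sed -n -E 's,^[[:space:]]*Redirect[[:space:]]+"?/logout"?[[:space:]]+"?([^"[:space:]]+)"?.*$,\1,p' "$1" |
    head -n 1
}

# Return 0 when both agree, 1 on drift, 2 when either value cannot be found.
check_logout_drift() {
  local want have
  want=$(yaml_logout_redirect "$1")
  have=$(apache_logout_target "$2")
  if [ -z "$want" ] || [ -z "$have" ]; then
    echo "UNKNOWN: logout_redirect='$want' Redirect target='$have'" >&2
    return 2
  fi
  if [ "$want" = "$have" ]; then
    echo "OK: /logout redirects to $have"
    return 0
  fi
  echo "DRIFT: yml wants '$want' but Apache redirects to '$have'" >&2
  return 1
}

# Constructed sample files reproducing the state reported in the thread.
make_samples() {
  printf '%s\n' "# constructed sample" "logout_redirect: '/Shibboleth.sso/Logout'" \
    > "$1/ood_portal.yml"
  printf '%s\n' '<VirtualHost *:443>' \
    '  Redirect "/logout" "/oidc?logout=https%3A%2F%2Food.example.org"' \
    '</VirtualHost>' > "$1/ood-portal.conf"
}

tmp=$(mktemp -d)
make_samples "$tmp"
check_logout_drift "$tmp/ood_portal.yml" "$tmp/ood-portal.conf" || echo "exit status: $?"
rm -rf "$tmp"
```

On a real host the two arguments would be /etc/ood/config/ood_portal.yml and /etc/httpd/conf.d/ood-portal.conf, the paths given in the issue.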