OpenCTI-Platform / opencti

Open Cyber Threat Intelligence Platform
https://opencti.io

End session on SSO when logging out of OpenCTI #2571

Open fdevillard opened 1 year ago

fdevillard commented 1 year ago

Use case

When the user logs out of OpenCTI, I would like to log her out of the SSO entirely.

Current Workaround

None that I'm aware of.

Proposed Solution

Add an optional post-logout URL. This could possibly be added as a redirection here.

For OIDC, the URL can be something like:

https://$ssoUrl/auth/realms/$realm/protocol/openid-connect/logout?post_logout_redirect_uri=$openctiUrl

If the feature request is approved, would you be willing to submit a PR?

Yes

SamuelHassine commented 1 year ago

Implement this as a global setting of the platform:

fdevillard commented 1 year ago

The proposed solution doesn't work (i.e. adding a redirect here).

Apparently, Apollo has already started to send the HTTP response at this stage. As such, it can't perform the redirect (as it involves the header).

An alternative is to have a dedicated logout endpoint that handles the redirect. Another idea?
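
The dedicated logout endpoint suggested in the last comment, sketched as a plain Node.js handler that sets the redirect before any body is written (an added example, not code from this thread or from OpenCTI). The function, cookie and config names are assumptions; the URL shape is the one quoted in the issue, and `id_token_hint` is the optional parameter defined by OIDC RP-initiated logout.

```javascript
// Added example. All names (buildSsoLogoutUrl, handleLogout, SAMPLE_CONFIG, the
// "sid" cookie) are hypothetical and are not taken from the OpenCTI code base.
const SAMPLE_CONFIG = { // constructed values
  ssoHost: 'sso.example.test',
  realm: 'cti',
  openctiUrl: 'https://opencti.example.test',
};

// Build the end-session URL in the shape quoted in the issue.
function buildSsoLogoutUrl({ ssoHost, realm, openctiUrl }, idTokenHint) {
  if (new URL(openctiUrl).protocol !== 'https:') {
    throw new Error('post-logout redirect must be https');
  }
  const url = new URL(
    `https://${ssoHost}/auth/realms/${encodeURIComponent(realm)}/protocol/openid-connect/logout`,
  );
  // A configured host containing "/", "@" or "?" would silently change the target.
  if (url.host !== ssoHost.toLowerCase()) throw new Error('invalid SSO host');
  url.searchParams.set('post_logout_redirect_uri', openctiUrl);
  // id_token_hint is the optional OIDC RP-initiated logout parameter.
  if (idTokenHint) url.searchParams.set('id_token_hint', idTokenHint);
  return url.toString();
}

function readCookie(header, name) {
  const pair = (header || '').split(';').map((c) => c.trim().split('='))
    .find(([k]) => k === name);
  return pair ? pair.slice(1).join('=') : undefined;
}

// Plain HTTP handler: it owns the response, so headers are still writable.
function handleLogout(req, res, sessions, config) {
  if (res.headersSent) throw new Error('headers already sent, cannot redirect');
  const sid = readCookie(req.headers.cookie, 'sid');
  const session = sessions.get(sid);
  sessions.delete(sid); // end the local session before leaving for the SSO
  const location = session
    ? buildSsoLogoutUrl(config, session.idToken)
    : config.openctiUrl; // no session: nothing to end at the SSO
  res.writeHead(302, {
    Location: location,
    'Set-Cookie': 'sid=; Max-Age=0; Path=/; HttpOnly; Secure; SameSite=Lax',
    'Cache-Control': 'no-store',
  });
  res.end();
}
```

The post-logout target comes only from platform configuration, never from the request, so the endpoint cannot be used as an open redirect.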