Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[FIXES #2408] Refresh Token and Logout OIDC requests #354

Merged
merged 4 commits into from
May 15, 2024
Merged

[FIXES #2408] Refresh Token and Logout OIDC requests #354

merged 4 commits into from
May 15, 2024

Conversation

afabiani
Copy link
Member

@afabiani afabiani commented May 7, 2024
edited by offtherailz
Loading

Fixes

  • Fix refresh token issue (actually the refresh do not work, so you are logged out after few seconds) An 500 error happens on /refreshToken endpoint call - up to @afabiani - note: I verified this happens also for keycloak
java.lang.NullPointerException
	it.geosolutions.geostore.services.rest.security.oauth2.OAuth2SessionServiceDelegate.retrieveAccessToken(OAuth2SessionServiceDelegate.java:196)
	it.geosolutions.geostore.services.rest.security.oauth2.OAuth2SessionServiceDelegate.refresh(OAuth2SessionServiceDelegate.java:96)
	it.geosolutions.geostore.services.rest.impl.RESTSessionServiceImpl.refresh(RESTSessionServiceImpl.java:199)
	it.geosolutions.geostore.services.rest.impl.RESTSessionServiceImpl.refresh(RESTSessionServiceImpl.java:226)
	java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	java.base/java.lang.reflect.Method.invoke(Method.java:566)
	org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:344)
  • Check logout correctness (Actually it logs out from MapStore, but as well as you click again on login, you are not asked for password anymore (that should be correct in some way, let' see).

Notes

If you want this one to be working correctly, you must update your local spring-security configuration as follows:

    <security:http auto-config="true" create-session="never">
        <security:http-basic entry-point-ref="restAuthenticationEntryPoint"/>
        <security:csrf disabled="true"/>
        <security:custom-filter ref="authenticationTokenProcessingFilter" before="FORM_LOGIN_FILTER"/>
        <security:custom-filter ref="sessionTokenProcessingFilter" after="FORM_LOGIN_FILTER"/>
        <security:custom-filter ref="oidcOpenIdFilter" position="OPENID_FILTER"/>
        <security:anonymous />
    </security:http>

Partially fix geosolutions-it/MapStore2#10151

@afabiani afabiani requested a review from offtherailz May 7, 2024 13:56
@afabiani afabiani self-assigned this May 7, 2024
@tdipisa
Copy link
Member

tdipisa commented May 7, 2024
edited
Loading

@offtherailz thanks the new openid connect client implemented by @afabiani, we should probably to mark the other google and keycloak specific as deprecated in favor of this and the dev guide updated accordingly. What do you think?

offtherailz
offtherailz requested changes May 15, 2024
View reviewed changes
Copy link
Member

@offtherailz offtherailz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

After these changes, I have the "no access token found error", on first login.
I verified that this doesn't happen with previous implementation (but we had only the refresh token issue).
The filters should be all present. We need to be able to externalize the configuration for the provider choosen.
Logout should be forwarded to the provider, if logoutURL is configured.

@offtherailz offtherailz self-requested a review May 15, 2024 16:22
@offtherailz offtherailz merged commit 16bbce6 into master May 15, 2024
2 checks passed
@afabiani afabiani deleted the ISSUE_2408 branch May 16, 2024 06:05
@offtherailz offtherailz mentioned this pull request May 16, 2024
Merged
17 tasks
@tdipisa tdipisa added this to the 2024.02.00 milestone Jul 2, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@offtherailz offtherailz Awaiting requested review from offtherailz

Assignees

@afabiani afabiani

Labels
C206-DEUTSCHE_BAHN-2024-SUPPORT Priority: High
Projects
None yet
Milestone
2024.02.00
Development

Successfully merging this pull request may close these issues.

OpenID generic provider support
3 participants
@afabiani @tdipisa @offtherailz