From df3bf17534e94203ffdc1d06112ab45afb1679c7 Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico <andrea.dellamico@isti.cnr.it>
Date: Thu, 4 Nov 2021 12:23:34 +0100
Subject: [PATCH] Define a preauth logout URL.

---
 defaults/main.yml                | 3 +--
 templates/settings.properties.j2 | 5 +++++
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/defaults/main.yml b/defaults/main.yml
index 644b006..106802c 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -33,6 +33,7 @@ keycloak_auth_server: https://localhost
 inception_project_server_auth_mode: 'database'
 inception_project_server_preauth_header: 'remote_user'
 inception_project_server_preauth_default_roles: ''
+inception_project_server_preauth_logout_url: ""
 inception_project_server_preauth_users_roles: []
 # - { username: 'user', roles: 'ROLE_PROJECT_CREATOR,ROLE_ADMIN' }
 # DB
@@ -61,8 +62,6 @@ inception_project_settings:
   - 'backup.keep.number={{ inception_project_backup_keep_number }}'
   - 'backup.keep.time={{ inception_project_backup_keep_time }}'
   - 'auth.mode={{ inception_project_server_auth_mode }}'
-  - 'auth.preauth.header.principal={{ inception_project_server_preauth_header }}'
-  - 'auth.preauth.newuser.roles={{ inception_project_server_preauth_default_roles }}'
   - 'warnings.embeddedDatabase=true'
   - 'versioning.enabled={{ inception_project_versioning_enabled }}'
   - 'websocket.enabled={{ inception_project_websockets_enabled }}'
diff --git a/templates/settings.properties.j2 b/templates/settings.properties.j2
index b178048..b93acf7 100644
--- a/templates/settings.properties.j2
+++ b/templates/settings.properties.j2
@@ -2,9 +2,14 @@ warnings.unsupportedBrowser=false
 {% for setting in inception_project_settings %}
 {{ setting }}
 {% endfor %}
+{% if inception_project_server_auth_mode == "preauth" %}
+auth.preauth.header.principal={{ inception_project_server_preauth_header }}
+auth.preauth.logoutUrl={{ inception_project_server_preauth_logout_url }}
+auth.preauth.newuser.roles={{ inception_project_server_preauth_default_roles }}
 {% for user_role in inception_project_server_preauth_users_roles %}
 auth.user.{{ user_role.username }}.roles={{ user_role.roles }}
 {% endfor %}
+{% endif %}
 {% if inception_project_disable_crsf %}
 wicket.core.csrf.enabled=false
 wicket.core.csrf.no-origin-action=allow