Rename ScopeReader to PropertyReader. Add redirect method in order to handle logout without redirect functionality. Extend logout successfull handler.

src/main/java/eu/dnetlib/loginservice/controllers/HealthController.java

@@ -38,6 +38,7 @@ public class HealthController {
         response.put("authentication.oidc.issuer", properties.getOidc().getIssuer());
         response.put("authentication.oidc.logout", properties.getOidc().getLogout());
         response.put("authentication.oidc.home", properties.getOidc().getHome());
+        response.put("authentication.oidc.redirect", properties.getOidc().getRedirect());
         response.put("authentication.oidc.scope", properties.getOidc().getScope());
         response.put("authentication.oidc.id", properties.getOidc().getId());
         response.put("authentication.oidc.secret", properties.getOidc().getSecret());

src/main/java/eu/dnetlib/loginservice/controllers/UserController.java

@@ -1,6 +1,7 @@
 package eu.dnetlib.loginservice.controllers;
 
 import eu.dnetlib.loginservice.entities.User;
+import eu.dnetlib.loginservice.properties.Properties;
 import eu.dnetlib.loginservice.services.UserInfoService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.ResponseEntity;
@@ -8,18 +9,37 @@ import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.bind.annotation.RestController;
 
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+import java.io.IOException;
+
 @RestController
 public class UserController {
     
     private final UserInfoService userInfoService;
+    private final Properties properties;
 
     @Autowired
-    public UserController(UserInfoService userInfoService) {
+    public UserController(UserInfoService userInfoService, Properties properties) {
         this.userInfoService = userInfoService;
+        this.properties = properties;
     }
 
     @RequestMapping(value = "/userInfo", method = RequestMethod.GET)
     public ResponseEntity<User> getUserInfo() {
         return ResponseEntity.ok(userInfoService.getUserInfo());
     }
+
+    @RequestMapping(value = "/redirect",method = RequestMethod.GET)
+    public void redirect(HttpServletRequest request, HttpServletResponse response) throws IOException {
+        HttpSession session = request.getSession();
+        String redirect = (String) session.getAttribute("redirect");
+        session.removeAttribute("redirect");
+        if(redirect == null) {
+            redirect = properties.getRedirect();
+        }
+        session.invalidate();
+        response.sendRedirect(redirect);
+    }
 }

src/main/java/eu/dnetlib/loginservice/properties/OIDC.java

@@ -4,6 +4,7 @@ public class OIDC {
 
     private String issuer;
     private String home;
+    private String redirect;
     private String id;
     private String secret;
     private String scope = "";
@@ -25,6 +26,14 @@ public class OIDC {
         this.home = home;
     }
 
+    public String getRedirect() {
+        return redirect;
+    }
+
+    public void setRedirect(String redirect) {
+        this.redirect = redirect;
+    }
+
     public String getId() {
         return id;
     }

src/main/java/eu/dnetlib/loginservice/security/initiliazers/Configurations.java

@@ -1,29 +1,28 @@
 package eu.dnetlib.loginservice.security.initiliazers;
 
-import com.sun.org.apache.xpath.internal.operations.Bool;
 import eu.dnetlib.loginservice.properties.Properties;
 import eu.dnetlib.loginservice.security.oidc.OpenAIREAuthoritiesMapper;
-import eu.dnetlib.loginservice.utils.ScopeReader;
+import eu.dnetlib.loginservice.utils.PropertyReader;
 import org.mitre.oauth2.model.ClientDetailsEntity;
 import org.mitre.oauth2.model.RegisteredClient;
 import org.mitre.openid.connect.client.OIDCAuthenticationProvider;
 import org.mitre.openid.connect.config.ServerConfiguration;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 
-import java.util.Collections;
+import java.util.Arrays;
+import java.util.HashSet;
 
 @Configuration
 public class Configurations {
 
     private final Properties properties;
-    private final ScopeReader scopeReader;
+    private final PropertyReader scopeReader;
     private final OpenAIREAuthoritiesMapper authoritiesMapper;
 
     @Autowired
-    public Configurations(Properties properties, OpenAIREAuthoritiesMapper authoritiesMapper, ScopeReader scopeReader) {
+    public Configurations(Properties properties, OpenAIREAuthoritiesMapper authoritiesMapper, PropertyReader scopeReader) {
         this.properties = properties;
         this.scopeReader = scopeReader;
         this.authoritiesMapper = authoritiesMapper;
@@ -44,7 +43,6 @@ public class Configurations {
         ServerConfiguration serverConfiguration = new ServerConfiguration();
         serverConfiguration.setIssuer(issuer);
         Boolean keycloak = properties.getKeycloak();
-
         if(keycloak) {
             serverConfiguration.setAuthorizationEndpointUri(issuer + "/protocol/openid-connect/auth");
             serverConfiguration.setTokenEndpointUri(issuer + "/protocol/openid-connect/token");
@@ -56,7 +54,6 @@ public class Configurations {
             serverConfiguration.setUserInfoUri(issuer + "userinfo");
             serverConfiguration.setJwksUri(issuer + "jwk");
         }
-
         serverConfiguration.setRevocationEndpointUri(issuer + "revoke");
         return serverConfiguration;
     }
@@ -68,7 +65,7 @@ public class Configurations {
         client.setClientSecret(properties.getOidc().getSecret());
         client.setScope(scopeReader.getScopes());
         client.setTokenEndpointAuthMethod(ClientDetailsEntity.AuthMethod.SECRET_BASIC);
-        client.setRedirectUris(Collections.singleton(properties.getOidc().getHome()));
+        client.setRedirectUris(new HashSet<>(Arrays.asList(properties.getOidc().getHome(), properties.getOidc().getRedirect())));
         return client;
     }
 }

src/main/java/eu/dnetlib/loginservice/security/initiliazers/Primitives.java

@@ -1,10 +1,8 @@
 package eu.dnetlib.loginservice.security.initiliazers;
 
 import eu.dnetlib.loginservice.properties.Properties;
-import eu.dnetlib.loginservice.security.oidc.OpenAIREAuthoritiesMapper;
 import eu.dnetlib.loginservice.utils.EntryPoint;
-import eu.dnetlib.loginservice.utils.ScopeReader;
+import eu.dnetlib.loginservice.utils.PropertyReader;
-import org.mitre.openid.connect.client.OIDCAuthenticationProvider;
 import org.mitre.openid.connect.client.service.impl.PlainAuthRequestUrlBuilder;
 import org.mitre.openid.connect.client.service.impl.StaticAuthRequestOptionsService;
 import org.mitre.openid.connect.client.service.impl.StaticSingleIssuerService;
@@ -25,8 +23,8 @@ public class Primitives {
     }
 
     @Bean
-    public ScopeReader scopeReader() {
+    public PropertyReader scopeReader() {
-        return new ScopeReader(this.properties.getOidc().getScope());
+        return new PropertyReader(this.properties.getOidc().getScope());
     }
 
     @Bean

src/main/java/eu/dnetlib/loginservice/security/oidc/OpenAIRELogoutSuccessHandler.java

@@ -30,13 +30,25 @@ public class OpenAIRELogoutSuccessHandler implements LogoutSuccessHandler {
 
     @Override
     public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException {
-        HttpSession session = request.getSession();
+        if(properties.getOidc().getRedirect() == null) {
-        String redirect = (String) session.getAttribute("redirect");
+            HttpSession session = request.getSession();
-        session.removeAttribute("redirect");
+            String redirect = (String) session.getAttribute("redirect");
-        if(redirect == null) {
+            session.removeAttribute("redirect");
-            redirect = properties.getRedirect();
+            if(redirect == null) {
+                redirect = properties.getRedirect();
+            }
+            session.invalidate();
+            response.sendRedirect(properties.getOidc().getLogout() + encodeValue(redirect));
+        } else {
+            StringBuilder sb = new StringBuilder(properties.getOidc().getIssuer());
+            if(properties.getKeycloak()) {
+                sb.append("/protocol/openid-connect/logout");
+                sb.append("?client_id=").append(properties.getOidc().getId());
+                sb.append("&post_logout_redirect_uri=").append(encodeValue(properties.getOidc().getRedirect()));
+            } else {
+                sb.append("/saml/logout");
+            }
+            response.sendRedirect(sb.toString());
         }
-        session.invalidate();
-        response.sendRedirect(properties.getOidc().getLogout() + encodeValue(redirect));
     }
 }

src/main/java/eu/dnetlib/loginservice/utils/PropertyReader.java

@@ -4,11 +4,11 @@ import java.util.Collections;
 import java.util.HashSet;
 import java.util.Set;
 
-public class ScopeReader {
+public class PropertyReader {
 
     Set<String> scopes;
 
-    public ScopeReader(String property) {
+    public PropertyReader(String property) {
         if (!property.trim().isEmpty()){
             scopes = new HashSet<>();
             Collections.addAll(scopes, property.split(","));

src/main/resources/authentication.properties

@@ -4,6 +4,7 @@ authentication.keycloak=false
 authentication.oidc.issuer=https://aai.openaire.eu/oidc/
 authentication.oidc.logout=https://aai.openaire.eu/proxy/saml2/idp/SingleLogoutService.php?ReturnTo=
 authentication.oidc.home=http://mpagasas.di.uoa.gr:19080/login-service/openid_connect_login
+authentication.oidc.redirect=http://mpagasas.di.uoa.gr:19080/login-service/redirect
 authentication.oidc.scope=openid,profile,email,eduperson_entitlement
 authentication.oidc.id=id
 authentication.oidc.secret=secret