From 26ae2bff7c85d2b5f0dadf63b38ecd33bea6b74c Mon Sep 17 00:00:00 2001
From: DiegolAmaral <114777317+Diogo-Rego@users.noreply.github.com>
Date: Wed, 2 Oct 2024 11:24:12 +0000
Subject: [PATCH] Add OIDC Custom Logout URL (#148)

* Add oidc logout url to env and docker image

* Set the custom logout URL if OIDC_LOGOUT_URL is defined

---------

Co-authored-by: diegolamaral <diego.arruda.amaral@gmail.com>
---
 core/files/configure_misp.sh | 7 +++++++
 docker-compose.yml           | 1 +
 template.env                 | 1 +
 3 files changed, 9 insertions(+)

diff --git a/core/files/configure_misp.sh b/core/files/configure_misp.sh
index 648bbfc..3c1ca02 100755
--- a/core/files/configure_misp.sh
+++ b/core/files/configure_misp.sh
@@ -103,6 +103,13 @@ set_up_oidc() {
         }
     }" > /dev/null
 
+    # Set the custom logout URL for the OIDC plugin only if OIDC_LOGOUT_URL is defined
+    if [[ -n "${OIDC_LOGOUT_URL}" ]]; then
+        sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "Plugin.CustomAuth_custom_logout" "${OIDC_LOGOUT_URL}&post_logout_redirect_uri=${BASE_URL}/users/login"
+    else
+        echo "OIDC_LOGOUT_URL is not set"
+    fi
+
     # Disable password confirmation as stated at https://github.com/MISP/MISP/issues/8116
     sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "Security.require_password_confirmation" false
 }
diff --git a/docker-compose.yml b/docker-compose.yml
index 175ad39..c74f8ac 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -117,6 +117,7 @@ services:
       - "OIDC_ROLES_PROPERTY=${OIDC_ROLES_PROPERTY}"
       - "OIDC_ROLES_MAPPING=${OIDC_ROLES_MAPPING}"
       - "OIDC_DEFAULT_ORG=${OIDC_DEFAULT_ORG}"
+      - "OIDC_LOGOUT_URL=${OIDC_LOGOUT_URL}"
       # LDAP authentication settings
       - "LDAP_ENABLE=${LDAP_ENABLE}"
       - "LDAP_APACHE_ENV=${LDAP_APACHE_ENV}"
diff --git a/template.env b/template.env
index b1188de..66edd73 100644
--- a/template.env
+++ b/template.env
@@ -121,6 +121,7 @@ SYNCSERVERS_1_PULL_RULES=
 # OIDC_ROLES_PROPERTY="roles"
 # OIDC_ROLES_MAPPING="{\"admin\": \"1\"}"
 # OIDC_DEFAULT_ORG=
+# OIDC_LOGOUT_URL=
 
 # Enable LDAP (using the ApacheSecureAuth component) authentication, according to https://github.com/MISP/MISP/issues/6189
 # NOTE: Once you enable LDAP authentication with the ApacheSecureAuth component,