diff --git a/public/apps/account/utils.tsx b/public/apps/account/utils.tsx
index ab41bd34..56328ddf 100644
--- a/public/apps/account/utils.tsx
+++ b/public/apps/account/utils.tsx
@@ -43,18 +43,23 @@ export async function logout(http: HttpStart, logoutUrl?: string): Promise
 setShouldShowTenantPopup(null);
 // Clear everything in the sessionStorage since they can contain sensitive information
 sessionStorage.clear();
- // When no basepath is set, we can take '/' as the basepath.
- const basePath = http.basePath.serverBasePath ? http.basePath.serverBasePath : '/';
- const nextUrl = encodeURIComponent(basePath);
- window.location.href =
- logoutUrl || `${http.basePath.serverBasePath}/app/login?nextUrl=${nextUrl}`;
+ if (logoutUrl) {
+ window.location.href = logoutUrl;
+ } else {
+ // when session timed out, user credentials in cookie are wiped out
+ // refresh the page will direct the user to go through login process
+ window.location.reload();
+ }
 }
 
 export async function externalLogout(http: HttpStart, logoutEndpoint: string): Promise {
 // This will ensure tenancy is picked up from local storage in the next login.
 setShouldShowTenantPopup(null);
 sessionStorage.clear();
- window.location.href = `${http.basePath.serverBasePath}${logoutEndpoint}`;
+ const nextUrl = encodeURIComponent(
+ window.location.pathname + window.location.search + window.location.hash
+ );
+ window.location.href = `${http.basePath.serverBasePath}${logoutEndpoint}?nextUrl=${nextUrl}`;
 }
 
 export async function updateNewPassword(
diff --git a/public/utils/logout-utils.tsx b/public/utils/logout-utils.tsx
index 7ab38e45..132a2daa 100644
--- a/public/utils/logout-utils.tsx
+++ b/public/utils/logout-utils.tsx
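Review bot: In `externalLogout` (public/apps/account/utils.tsx) the new `nextUrl` carries `window.location.search` and `window.location.hash` as well as the path, so any state the current page keeps in its query string or fragment is sent to the logout endpoint. Judging by the OpenID route changed in this same commit, it then travels on inside `post_logout_redirect_uri` to the identity provider. If the login page only needs to restore the view, a comment such as `// nextUrl is forwarded to the IdP during logout; it must never carry secrets` would make that trade-off explicit. The `?nextUrl=` separator is also appended unconditionally, which yields a malformed URL if a caller ever passes a `logoutEndpoint` that already has a query string; the callers are outside this hunk, so that needs confirming.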
@@ -38,7 +38,7 @@ export function interceptError(logoutUrl: string, thisWindow: Window): any {
 thisWindow.location.href = logoutUrl;
 } else {
 // when session timed out, user credentials in cookie are wiped out
- // refres the page will direct the user to go through login process
+ // refresh the page will direct the user to go through login process
 thisWindow.location.reload();
 }
 }
diff --git a/server/auth/types/openid/routes.ts b/server/auth/types/openid/routes.ts
index b9c76de7..5168e6ac 100644
--- a/server/auth/types/openid/routes.ts
+++ b/server/auth/types/openid/routes.ts
@@ -265,7 +265,12 @@ export class OpenIdAuthRoutes {
 const token = tokenFromExtraStorage.length
 ? tokenFromExtraStorage.split(' ')[1]
 : cookie?.credentials.authHeaderValue.split(' ')[1]; // get auth token
- const nextUrl = getBaseRedirectUrl(this.config, this.core, request);
+ let nextUrl = getBaseRedirectUrl(this.config, this.core, request);
+ if (request.url.searchParams.has('nextUrl') && !!request.url.searchParams.get('nextUrl')) {
+ nextUrl = `${nextUrl}/app/login?nextUrl=${encodeURIComponent(
+ request.url.searchParams.get('nextUrl') || ''
+ )}`;
+ }
 
 const logoutQueryParams = {
 post_logout_redirect_uri: `${nextUrl}`,
diff --git a/server/auth/types/saml/routes.ts b/server/auth/types/saml/routes.ts
index 0e01803c..1812665a 100644
--- a/server/auth/types/saml/routes.ts
+++ b/server/auth/types/saml/routes.ts
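Review bot: The `nextUrl` query parameter read in the `OpenIdAuthRoutes` logout handler is caller-controlled and is copied into `post_logout_redirect_uri` with no check in this hunk, so protection against an off-site redirect rests entirely on whatever validation the `/app/login` route applies to `nextUrl`, which is not visible here. Reading the parameter once and accepting it only when it is a same-origin relative path, as sketched below, keeps a crafted logout link from planting an arbitrary value in the post-logout URL and also replaces the redundant `has(...) && !!get(...)` test; if the project already exports a `nextUrl` validator, calling that is preferable to the inline check. The SAML logout hunk in server/auth/types/saml/routes.ts has the same gap. Identity providers commonly compare `post_logout_redirect_uri` against a registered value, so a per-request query string may get the redirect rejected unless the registration allows for it. The handler starts and ends outside the hunk.

```typescript
let nextUrl = getBaseRedirectUrl(this.config, this.core, request);
const requestedNextUrl = request.url.searchParams.get('nextUrl');
// Carry the value through the IdP round trip only if it is a same-origin relative path.
const isRelativePath =
  !!requestedNextUrl &&
  requestedNextUrl.startsWith('/') &&
  !requestedNextUrl.startsWith('//') &&
  !requestedNextUrl.includes('\\');
if (requestedNextUrl && isRelativePath) {
  nextUrl = `${nextUrl}/app/login?nextUrl=${encodeURIComponent(requestedNextUrl)}`;
}
// … unchanged: logoutQueryParams construction …
```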
@@ -392,9 +392,15 @@ export class SamlAuthRoutes {
 this.getExtraAuthStorageOptions(context.security_plugin.logger)
 );
 this.sessionStorageFactory.asScoped(request).clear();
+
+ let loginUrl = `${this.coreSetup.http.basePath.serverBasePath}/app/login`;
+ if (request.url.searchParams.has('nextUrl')) {
+ loginUrl = `${loginUrl}?nextUrl=${encodeURIComponent(
+ request.url.searchParams.get('nextUrl') || ''
+ )}`;
+ }
 // TODO: need a default logout page
- const redirectUrl =
- authInfo.sso_logout_url || this.coreSetup.http.basePath.serverBasePath || '/';
+ const redirectUrl = authInfo.sso_logout_url || loginUrl;
 return response.redirected({
 headers: {
 location: redirectUrl,
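Review bot: The SAML logout handler tests only `request.url.searchParams.has('nextUrl')`, so a request with an empty `nextUrl=` produces `/app/login?nextUrl=`, whereas the OpenID handler in this commit also requires a non-empty value. Reading it once, `const requestedNextUrl = request.url.searchParams.get('nextUrl');` then `if (requestedNextUrl) {`, makes the two routes agree and removes the `|| ''` fallback. The value only matters when `authInfo.sso_logout_url` is unset, because otherwise `redirectUrl` ignores `loginUrl`; a short comment saying that `nextUrl` is dropped on the IdP-logout path would stop the next reader from assuming it survives. The handler starts and ends outside the hunk.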