opensearch-project · cwperks · Jul 16, 2024 · Aug 27, 2024 · Aug 27, 2024
@@ -43,18 +43,23 @@
   setShouldShowTenantPopup(null);
   // Clear everything in the sessionStorage since they can contain sensitive information
   sessionStorage.clear();
-  // When no basepath is set, we can take '/' as the basepath.
-  const basePath = http.basePath.serverBasePath ? http.basePath.serverBasePath : '/';
-  const nextUrl = encodeURIComponent(basePath);
-  window.location.href =
-    logoutUrl || `${http.basePath.serverBasePath}/app/login?nextUrl=${nextUrl}`;
+  if (logoutUrl) {
+    window.location.href = logoutUrl;
+  } else {
+    // when session timed out, user credentials in cookie are wiped out
+    // refresh the page will direct the user to go through login process
+    window.location.reload();
+  }
 }
 
 export async function externalLogout(http: HttpStart, logoutEndpoint: string): Promise<void> {
   // This will ensure tenancy is picked up from local storage in the next login.
   setShouldShowTenantPopup(null);
   sessionStorage.clear();
-  window.location.href = `${http.basePath.serverBasePath}${logoutEndpoint}`;
+  const nextUrl = encodeURIComponent(
+    window.location.pathname + window.location.search + window.location.hash
+  );
+  window.location.href = `${http.basePath.serverBasePath}${logoutEndpoint}?nextUrl=${nextUrl}`;
 }
 
 export async function updateNewPassword(

@@ -38,7 +38,7 @@ export function interceptError(logoutUrl: string, thisWindow: Window): any {
           thisWindow.location.href = logoutUrl;
         } else {
           // when session timed out, user credentials in cookie are wiped out
-          // refres the page will direct the user to go through login process
+          // refresh the page will direct the user to go through login process
           thisWindow.location.reload();
         }
       }

@@ -265,7 +265,12 @@ export class OpenIdAuthRoutes {
         const token = tokenFromExtraStorage.length
           ? tokenFromExtraStorage.split(' ')[1]
           : cookie?.credentials.authHeaderValue.split(' ')[1]; // get auth token
-        const nextUrl = getBaseRedirectUrl(this.config, this.core, request);
+        let nextUrl = getBaseRedirectUrl(this.config, this.core, request);
+        if (request.url.searchParams.has('nextUrl') && !!request.url.searchParams.get('nextUrl')) {
+          nextUrl = `${nextUrl}/app/login?nextUrl=${encodeURIComponent(
+            request.url.searchParams.get('nextUrl') || ''
+          )}`;
+        }
 
         const logoutQueryParams = {
           post_logout_redirect_uri: `${nextUrl}`,

@@ -392,9 +392,15 @@ export class SamlAuthRoutes {
             this.getExtraAuthStorageOptions(context.security_plugin.logger)
           );
           this.sessionStorageFactory.asScoped(request).clear();
+
+          let loginUrl = `${this.coreSetup.http.basePath.serverBasePath}/app/login`;
+          if (request.url.searchParams.has('nextUrl')) {
+            loginUrl = `${loginUrl}?nextUrl=${encodeURIComponent(
+              request.url.searchParams.get('nextUrl') || ''
+            )}`;
+          }
           // TODO: need a default logout page
-          const redirectUrl =
-            authInfo.sso_logout_url || this.coreSetup.http.basePath.serverBasePath || '/';
+          const redirectUrl = authInfo.sso_logout_url || loginUrl;
           return response.redirected({
             headers: {
               location: redirectUrl,