From 8315545144d6f3c998f617668e51f50890db4707 Mon Sep 17 00:00:00 2001
From: Ger Roza
Date: Tue, 25 Oct 2022 16:52:03 -0300
Subject: [PATCH] Update RP-Initiated Logout target URLs.

The URLs we're using are not actually pointing to the OIDC RP-Initiated Logout Specs.

Fixes: gh-12081
---
 docs/modules/ROOT/pages/reactive/oauth2/login/advanced.adoc | 2 +-
 docs/modules/ROOT/pages/servlet/oauth2/login/advanced.adoc | 2 +-
 .../web/logout/OidcClientInitiatedLogoutSuccessHandler.java | 3 +--
 .../logout/OidcClientInitiatedServerLogoutSuccessHandler.java | 3 +--
 4 files changed, 4 insertions(+), 6 deletions(-)

diff --git a/docs/modules/ROOT/pages/reactive/oauth2/login/advanced.adoc b/docs/modules/ROOT/pages/reactive/oauth2/login/advanced.adoc
index 8dfb8c9e93..f2116565b8 100644
--- a/docs/modules/ROOT/pages/reactive/oauth2/login/advanced.adoc
+++ b/docs/modules/ROOT/pages/reactive/oauth2/login/advanced.adoc
@@ -645,7 +645,7 @@ If more than one `ClientRegistration` is configured for OpenID Connect 1.0 Authe
 == OpenID Connect 1.0 Logout
 
 OpenID Connect Session Management 1.0 allows the ability to log out the End-User at the Provider using the Client.
-One of the strategies available is https://openid.net/specs/openid-connect-session-1_0.html#RPLogout[RP-Initiated Logout].
+One of the strategies available is https://openid.net/specs/openid-connect-rpinitiated-1_0.html[RP-Initiated Logout].
 
 If the OpenID Provider supports both Session Management and https://openid.net/specs/openid-connect-discovery-1_0.html[Discovery], the client may obtain the `end_session_endpoint` `URL` from the OpenID Provider's https://openid.net/specs/openid-connect-session-1_0.html#OPMetadata[Discovery Metadata].
 This can be achieved by configuring the `ClientRegistration` with the `issuer-uri`, as in the following example:
diff --git a/docs/modules/ROOT/pages/servlet/oauth2/login/advanced.adoc b/docs/modules/ROOT/pages/servlet/oauth2/login/advanced.adoc
index bd1d49e7fe..541637b8d1 100644
--- a/docs/modules/ROOT/pages/servlet/oauth2/login/advanced.adoc
+++ b/docs/modules/ROOT/pages/servlet/oauth2/login/advanced.adoc
@@ -838,7 +838,7 @@ If more than one `ClientRegistration` is configured for OpenID Connect 1.0 Authe
 == OpenID Connect 1.0 Logout
 
 OpenID Connect Session Management 1.0 allows the ability to log out the End-User at the Provider using the Client.
-One of the strategies available is https://openid.net/specs/openid-connect-session-1_0.html#RPLogout[RP-Initiated Logout].
+One of the strategies available is https://openid.net/specs/openid-connect-rpinitiated-1_0.html[RP-Initiated Logout].
 
 If the OpenID Provider supports both Session Management and https://openid.net/specs/openid-connect-discovery-1_0.html[Discovery], the client may obtain the `end_session_endpoint` `URL` from the OpenID Provider's https://openid.net/specs/openid-connect-session-1_0.html#OPMetadata[Discovery Metadata].
 This can be achieved by configuring the `ClientRegistration` with the `issuer-uri`, as in the following example:
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/web/logout/OidcClientInitiatedLogoutSuccessHandler.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/web/logout/OidcClientInitiatedLogoutSuccessHandler.java
index 262e08a2aa..2f266efc79 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/web/logout/OidcClientInitiatedLogoutSuccessHandler.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/web/logout/OidcClientInitiatedLogoutSuccessHandler.java
@@ -41,8 +41,7 @@ import org.springframework.web.util.UriComponentsBuilder;
 * @author Josh Cummings
 * @since 5.2
 * @see RP-Initiated - * Logout
+ * "https://openid.net/specs/openid-connect-rpinitiated-1_0.html">RP-Initiated Logout
 * @see org.springframework.security.web.authentication.logout.LogoutSuccessHandler
 */
 public final class OidcClientInitiatedLogoutSuccessHandler extends SimpleUrlLogoutSuccessHandler {
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/web/server/logout/OidcClientInitiatedServerLogoutSuccessHandler.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/web/server/logout/OidcClientInitiatedServerLogoutSuccessHandler.java
index f843b5379c..7b4e45595a 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/web/server/logout/OidcClientInitiatedServerLogoutSuccessHandler.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/web/server/logout/OidcClientInitiatedServerLogoutSuccessHandler.java
@@ -43,8 +43,7 @@ import org.springframework.web.util.UriComponentsBuilder;
 * @author Josh Cummings
 * @since 5.2
 * @see RP-Initiated - * Logout
+ * "https://openid.net/specs/openid-connect-rpinitiated-1_0.html">RP-Initiated Logout
 * @see org.springframework.security.web.server.authentication.logout.ServerLogoutSuccessHandler
 */
 public class OidcClientInitiatedServerLogoutSuccessHandler implements ServerLogoutSuccessHandler {