diff --git a/dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/oidc/DhisOidcLogoutSuccessHandler.java b/dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/oidc/DhisOidcLogoutSuccessHandler.java
index ff3db12cff9c..aee26b59524e 100644
--- a/dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/oidc/DhisOidcLogoutSuccessHandler.java
+++ b/dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/oidc/DhisOidcLogoutSuccessHandler.java
@@ -29,6 +29,7 @@
 import static com.google.common.base.Strings.isNullOrEmpty;
 import static org.hisp.dhis.external.conf.ConfigurationKey.LINKED_ACCOUNTS_ENABLED;
+import static org.hisp.dhis.external.conf.ConfigurationKey.LINKED_ACCOUNTS_LOGOUT_URL;
 import static org.hisp.dhis.external.conf.ConfigurationKey.LINKED_ACCOUNTS_RELOGIN_URL;
 import static org.hisp.dhis.external.conf.ConfigurationKey.OIDC_LOGOUT_REDIRECT_URL;
 import static org.hisp.dhis.external.conf.ConfigurationKey.OIDC_OAUTH2_LOGIN_ENABLED;
@@ -101,15 +102,22 @@ private void handleLinkedAccountsLogout(
 HttpServletRequest request, HttpServletResponse response, Authentication authentication)
 throws IOException, ServletException {
- String currentUsername = request.getParameter("current");
 String usernameToSwitchTo = request.getParameter("switch");
+ String linkedAccountsLogoutUrl = config.getProperty(LINKED_ACCOUNTS_LOGOUT_URL);
+ if (isNullOrEmpty(linkedAccountsLogoutUrl)) {
+ // Fallback if not defined in config
+ linkedAccountsLogoutUrl = "/";
+ }
- if (isNullOrEmpty(currentUsername) || isNullOrEmpty(usernameToSwitchTo)) {
- setOidcLogoutUrl();
+ if (isNullOrEmpty(usernameToSwitchTo)) {
+ // No switch parameter present: redirect to linked_accounts.logout_url
+ this.handler.setDefaultTargetUrl(linkedAccountsLogoutUrl);
 } else {
-
- userStore.setActiveLinkedAccounts(currentUsername, usernameToSwitchTo);
-
+ // switch parameter present: switch accounts and then redirect to re-login URL
+ String currentUsername = request.getParameter("current");
+ if (!isNullOrEmpty(currentUsername)) {
+ userStore.setActiveLinkedAccounts(currentUsername, usernameToSwitchTo);
+ }
 this.handler.setDefaultTargetUrl(config.getProperty(LINKED_ACCOUNTS_RELOGIN_URL));
 }
diff --git a/dhis-2/dhis-support/dhis-support-external/src/main/java/org/hisp/dhis/external/conf/ConfigurationKey.java b/dhis-2/dhis-support/dhis-support-external/src/main/java/org/hisp/dhis/external/conf/ConfigurationKey.java
index 43cdf6603a64..bd5049ee83bf 100644
--- a/dhis-2/dhis-support/dhis-support-external/src/main/java/org/hisp/dhis/external/conf/ConfigurationKey.java
+++ b/dhis-2/dhis-support/dhis-support-external/src/main/java/org/hisp/dhis/external/conf/ConfigurationKey.java
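Review bot: In the `else` branch of handleLinkedAccountsLogout, `userStore.setActiveLinkedAccounts(currentUsername, usernameToSwitchTo)` is still driven by the `current` and `switch` request parameters, although the method is handed the `Authentication` of the user who is logging out. Unless setActiveLinkedAccounts (not visible here) checks that both accounts are linked and belong to the caller, the active linked account can be changed for a user other than the one making the request; the current user should come from the session rather than from `current`, e.g. `String currentUsername = authentication == null ? null : authentication.getName();` if getName() is the DHIS2 username in this context. The branch without `switch` also no longer calls `setOidcLogoutUrl()`, so with linked accounts enabled the redirect goes to `linked_accounts.logout_url` or `/` and the identity-provider session is presumably left open; that change deserves a comment in the code. The method's closing brace lies outside the hunk.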
@@ -657,6 +657,9 @@ public enum ConfigurationKey {
 LINKED_ACCOUNTS_ENABLED("linked_accounts.enabled", Constants.OFF, false),
 LINKED_ACCOUNTS_RELOGIN_URL("linked_accounts.relogin_url", "", false),
+
+ LINKED_ACCOUNTS_LOGOUT_URL("linked_accounts.logout_url", "", false),
+
 SWITCH_USER_FEATURE_ENABLED("switch_user_feature.enabled", Constants.OFF, false),
 SWITCH_USER_ALLOW_LISTED_IPS(
 "switch_user_allow_listed_ips", "localhost,127.0.0.1,[0:0:0:0:0:0:0:1]", false),
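Review bot: `LINKED_ACCOUNTS_LOGOUT_URL` is declared with an empty default, and DhisOidcLogoutSuccessHandler then substitutes `/` by hand; declaring the default here, `LINKED_ACCOUNTS_LOGOUT_URL("linked_accounts.logout_url", "/", false),`, would keep the fallback in one place. `LINKED_ACCOUNTS_RELOGIN_URL` has the same empty default and gets no fallback in the handler, so an unset `linked_accounts.relogin_url` reaches `setDefaultTargetUrl` as an empty string. The new key also has no comment; a one-line Javadoc such as `/** Redirect target after logout when linked accounts are enabled and no account switch was requested. */` would say what it is for, and since the value is used as a redirect target it should be documented as a local path or a trusted absolute URL.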