Skip to content

Preserve custom logout URL when OIDC logout is configured#426

Merged
ostefano merged 1 commit into
MISP:masterfrom
BytesUnlimited-net:fix/oidc-logout-url
Jun 22, 2026
Merged

Preserve custom logout URL when OIDC logout is configured#426
ostefano merged 1 commit into
MISP:masterfrom
BytesUnlimited-net:fix/oidc-logout-url

Conversation

@BytesUnlimited-net

@BytesUnlimited-net BytesUnlimited-net commented Jun 22, 2026

Copy link
Copy Markdown
Contributor

Summary

This change prevents Plugin.CustomAuth_custom_logout from being unintentionally removed when OIDC logout is enabled.

Fixes #409

Problem

configure.sh sets Plugin.CustomAuth_custom_logout when the required logout parameters are provided. However, later in the script the setting may be unset again when CUSTOM_AUTH_ENABLE is not enabled.

As a result, configurations that rely on OIDC logout can lose their custom logout URL even though it was configured correctly earlier in the script.

Solution

Only unset Plugin.CustomAuth_custom_logout when OIDC logout is not enabled or when no OIDC logout URL has been provided.

This prevents the OIDC-specific logout configuration from being overwritten by the generic cleanup logic.

Impact

  • Preserves configured OIDC logout URLs.
  • Prevents valid logout configuration from being removed later in the script.
  • Makes the configuration logic consistent when OIDC is used without CUSTOM_AUTH_ENABLE.

@ostefano ostefano self-assigned this Jun 22, 2026
@ostefano ostefano added the scheduled Will merge at the next opportunity label Jun 22, 2026
@ostefano ostefano merged commit 5be978b into MISP:master Jun 22, 2026
5 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

scheduled Will merge at the next opportunity

Projects

None yet

Development

Successfully merging this pull request may close these issues.

OIDC_LOGOUT_URL is overwritten by set_up_custom_auth function

2 participants