Remote logout functionality on Authentiq OAuth provider (!9381) · Merge requests · GitLab.org / GitLab FOSS

Stan van de Burgt requested to merge alexkeramidas/gitlab-ce:authentiq-backchannel-logout into master Feb 20, 2017

What does this MR do?

This MR enables remote logout for Authentiq similar to the CAS3 remote logout.

Are there points in the code the reviewer needs to double check?

This MR does not change the semantics of the original Authentiq ID OAuth2 integration.

To test the logout functionality as an end-user, you can give it a spin at http://gitlab.demos.authentiq.io/ Alternatively, client credentials for Authentiq can be requested at the Authentiq web site or by contacting the Authentiq team.

Why was this MR needed?

In the original MR adding support for Authentiq we left out remote logout since the standard OIDC Session Management mechanism requires two hidden IFRAMEs in the site.

As suggested by the Gitlab team, this MR implements remote logout via an HTTP backchannel instead, very similar to how it is already done for CAS3.

Screenshots (if relevant)

N/A

Does this MR meet the acceptance criteria?

Changelog entry added
[N/A] Documentation created/updated
[N/A] API support added
Tests
- [N/A] Added for this feature/bug
- All builds are passing
Conform by the merge request performance guides
Conform by the style guides
Branch has no merge conflicts with master (if it does - rebase it please)
Squashed related commits together

What are the relevant issue numbers?

N/A

Remote logout functionality on Authentiq OAuth provider