"logout_url" does not seem to be respected from omniauth provider
Summary
With omniauth enabled, and with a given logout_url, the proper redirection does not take place on sign-out
Steps to reproduce
Configure GitLab to use a CAS omniauth provider that specifies a logout_url. Sign out. Notice you are not redirected to the URL you specified.
Configuration used
Here is our values config:
    omniauth:
      enabled: true
      autoSignInWithProvider: cas3
      syncProfileFromProvider: ['cas3']
      syncProfileAttributes: ['cas3']
      allowSingleSignOn: ['cas3']
      blockAutoCreatedUsers: false
      autoLinkLdapUser: false
      autoLinkSamlUser: false
      externalProviders: []
      providers:
        - secret: gitlab-cas-secret
          name: provider

And here is the CAS json (that is set in the gitlab-cas-secret):
    {
      "name": "cas3",
      "label": "My CAS",
      "args": {
        "url": "https://cas.provider.net",
        "login_url": "/cas/login",
        "service_validate_url": "/cas/serviceValidate",
        "logout_url": "/cas/logout",
        "nickname_key": "username"
      }
    }

I also tried creating the secret with yaml to see if that made a difference (it didn't):
    ---
    name: cas3
    label: My CAS
    args:
      url: https://cas.provider.net
      login_url: "/cas/login"
      service_validate_url: "/cas/serviceValidate"
      logout_url: "/cas/logout"
      nickname_key: username

Current behavior
All of the sign-in features of the provider work perfectly (auto sign-in, the login redirect, etc., are all fine), but if a user tries to sign out they are automatically signed back in, because the logout URL is not redirected to /cas/logout as expected; instead it is just going to /users/sign_in.
Expected behavior
The URL redirection would work as expected. FWIW this same configuration works fine in our omnibus deployment.
Versions
- Chart: latest
- Platform:
  - Self-hosted: IBM Cloud
- Kubernetes: (kubectl version)
  - Client: 1.10
  - Server: 1.11
- Helm: (helm version)
  - Client: 2.8.2
  - Server: 2.8.2
Relevant logs
Here is a kubetail capture of the unicorn log when a user tries to sign out:
[gitlab-unicorn-5d7f59d7c5-wqmgr unicorn] ==> /var/log/gitlab/production.log <==
[gitlab-unicorn-5d7f59d7c5-wqmgr unicorn] Started GET "/users/sign_out" for xxx.xxx.xxx.xxx at 2018-10-03 16:53:01 +0000
[gitlab-unicorn-5d7f59d7c5-wqmgr unicorn] Processing by SessionsController#destroy as HTML
[gitlab-unicorn-5d7f59d7c5-wqmgr unicorn] Redirected to https://gitlab-test.net/users/sign_in
[gitlab-unicorn-5d7f59d7c5-wqmgr unicorn] Completed 302 Found in 95ms (ActiveRecord: 21.0ms)
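
The check below is an added example, not part of the original report and not GitLab code: it scans a kubetail capture of production.log and flags every sign-out whose redirect is not the configured CAS logout URL, which with autoSignInWithProvider set means the session is immediately re-established. The function names, the "example-pod" log lines and the assumption that the expected target is the provider's url joined with logout_url are illustrative.

```python
import json
import re
from urllib.parse import urljoin

# Provider args copied from the report (only the two keys this check needs).
PROVIDER_JSON = '{"name": "cas3", "args": {"url": "https://cas.provider.net", "logout_url": "/cas/logout"}}'

# First pod: lines from the report. "example-pod" lines are constructed for contrast.
SAMPLE_LOG = """\
[gitlab-unicorn-5d7f59d7c5-wqmgr unicorn] Started GET "/users/sign_out" for xxx.xxx.xxx.xxx at 2018-10-03 16:53:01 +0000
[example-pod unicorn] Started GET "/users/sign_out" for xxx.xxx.xxx.xxx at 2018-10-03 16:53:02 +0000
[gitlab-unicorn-5d7f59d7c5-wqmgr unicorn] Processing by SessionsController#destroy as HTML
[gitlab-unicorn-5d7f59d7c5-wqmgr unicorn] Redirected to https://gitlab-test.net/users/sign_in
[example-pod unicorn] Redirected to https://cas.provider.net/cas/logout
[gitlab-unicorn-5d7f59d7c5-wqmgr unicorn] Completed 302 Found in 95ms (ActiveRecord: 21.0ms)
"""

# kubetail prefixes each line with "[pod container]"; keep it to separate interleaved pods.
LINE = re.compile(r'^(?:\[(?P<src>[^\]]*)\]\s*)?(?P<msg>.*)$')


def expected_logout_url(provider_json):
    """Absolute CAS logout URL: the provider's base url joined with logout_url (assumption)."""
    args = json.loads(provider_json)["args"]
    return urljoin(args["url"], args["logout_url"])


def check_sign_out_redirects(log_text, expected):
    """Return (source, redirect_target, ok) for every sign-out request in the log."""
    pending = set()  # sources that started a sign-out and have not redirected yet
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        src, msg = m.group("src") or "", m.group("msg")
        if msg.startswith("Started "):
            # A new request on this source replaces whatever it was handling before.
            if '"/users/sign_out"' in msg:
                pending.add(src)
            else:
                pending.discard(src)
        elif src in pending and msg.startswith("Redirected to "):
            target = msg[len("Redirected to "):].strip()
            # Ignore any query string when comparing against the configured URL.
            findings.append((src, target, target.split("?", 1)[0] == expected))
            pending.discard(src)
    return findings


if __name__ == "__main__":
    for src, target, ok in check_sign_out_redirects(SAMPLE_LOG, expected_logout_url(PROVIDER_JSON)):
        print("OK  " if ok else "FAIL", src, "->", target)
```

Run against the capture above, the pod from the report is reported as FAIL because its sign-out redirects to /users/sign_in.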