Add BackChannel during DCR

added an api invocation that would enable and add  backChannel logout url to the Identity server per request Handler

components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/SessionIdStore.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2019, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
+ * Copyright (c) 2023, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
  *
  * Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
  * Version 2.0 (the "License"); you may not use this file except

components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/SsoLoginHandler.java

@@ -244,6 +244,9 @@ public class SsoLoginHandler extends HttpServlet {
                 return;
             }
             HandlerUtil.handleError(resp, null);
+
+            // Enables BackChannelLogout
+            enableBackChannelLogout();
         } catch (IOException e) {
             log.error("Error occurred while sending the response into the socket. ", e);
         } catch (JsonSyntaxException e) {
@@ -311,10 +314,14 @@ public class SsoLoginHandler extends HttpServlet {
         String logoutRedirect = "";
         if (applicationName.equals("entgra")) {
             logoutRedirect = iotsCoreUrl + "/endpoint-mgt";
-        } else {
+        } else if (applicationName.equals("publisher")) {
+            logoutRedirect = iotsCoreUrl + "/app-publisher";
+        }
+        else{
             logoutRedirect = (iotsCoreUrl + "/" + applicationName);
         }
-        jsonObject.put(HandlerConstants.CALLBACK_URL_KEY, "regexp=(" + iotsCoreUrl + baseContextPath + HandlerConstants.SSO_LOGIN_CALLBACK + "|" + logoutRedirect + ")");
+        jsonObject.put(HandlerConstants.CALLBACK_URL_KEY, "regexp=(" + iotsCoreUrl + baseContextPath
+                + HandlerConstants.SSO_LOGIN_CALLBACK + "|" + logoutRedirect + ")");
         String payload = jsonObject.toString();
         return new StringEntity(payload, ContentType.APPLICATION_JSON);
     }
@@ -470,4 +477,24 @@ public class SsoLoginHandler extends HttpServlet {
 
         HandlerUtil.execute(updateApplicationEndpoint);
     }
+
+    /***
+     * Enables Backchannel Logout
+     * This Invokes the Identity server and updates its specific application with logoutCallBackHandler URL
+     */
+    private void enableBackChannelLogout() throws IOException {
+        String apiUpdateOAuth = iotsCoreUrl + HandlerConstants.IDENTITY_DCR_ENDPOINT + oAuthApp.getClientId();
+        HttpPut setBackChannelLogout = new HttpPut(apiUpdateOAuth);
+        setBackChannelLogout.setHeader(HttpHeaders.AUTHORIZATION, HandlerConstants.BASIC +
+                encodedAdminCredentials);
+        setBackChannelLogout.setHeader(HttpHeaders.CONTENT_TYPE, ContentType.APPLICATION_JSON.toString());
+        JsonObject jsonObject = new JsonObject();
+        jsonObject.addProperty(HandlerConstants.BACKCHANNEL_LOGOUT_URI, iotsCoreUrl + baseContextPath
+                + HandlerConstants.SSO_LOGOUT_CALLBACK);
+        jsonObject.addProperty(HandlerConstants.BACKCHANNEL_LOGOUT_SESSION_REQUIRED, true);
+        String payload = jsonObject.toString();
+        setBackChannelLogout.setEntity(new StringEntity(payload, ContentType.APPLICATION_JSON));
+
+        HandlerUtil.execute(setBackChannelLogout);
+    }
 }

components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/SsoLogoutCallbackHandler.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2019, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
+ * Copyright (c) 2023, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
  *
  * Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
  * Version 2.0 (the "License"); you may not use this file except

components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/SsoLogoutHandler.java

@@ -51,7 +51,10 @@ public class SsoLogoutHandler extends HttpServlet {
         String logoutRedirect = "";
         if (applicationName.equals("entgra")) {
             logoutRedirect = iotsCoreUrl + "/endpoint-mgt";
-        } else {
+        } else if(applicationName.equals("publisher")) {
+            logoutRedirect = iotsCoreUrl + "/app-publisher";
+        }
+        else{
             logoutRedirect = (iotsCoreUrl + "/" + applicationName);
         }
 
@@ -68,6 +71,9 @@ public class SsoLogoutHandler extends HttpServlet {
             resp.sendRedirect(redirect);
         } catch (IOException e) {
             log.error("Error occured while redirecting");
+        } catch (NullPointerException e) {
+            log.error("Invalid Session");
+            resp.setStatus(401);
         }
     }
 }

components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/util/HandlerConstants.java

@@ -30,6 +30,10 @@ public class HandlerConstants {
     public static final String IDENTITY_APP_MGT_ENDPOINT = "/services/IdentityApplicationManagementService.IdentityApplicationManagementServiceHttpsSoap11Endpoint";
     public static final String LOGIN_PAGE = "/login";
     public static final String SSO_LOGIN_CALLBACK = "/ssoLoginCallback";
+    public static final String SSO_LOGOUT_CALLBACK = "/ssoLogoutCallback";
+    public static final String IDENTITY_DCR_ENDPOINT = "/api/identity/oauth2/dcr/v1.1/register/";
+    public static final String BACKCHANNEL_LOGOUT_URI = "backchannel_logout_uri";
+    public static final String BACKCHANNEL_LOGOUT_SESSION_REQUIRED= "backchannel_logout_session_required";
     public static final String BASIC = "Basic ";
     public static final String BEARER = "Bearer ";
     public static final String X_FRAME_OPTIONS = "X-Frame-Options";