This repository has been archived by the owner on Sep 18, 2021. It is now read-only.

PostLogoutRedirectUri not work #1121

Closed
totpero opened this issue Mar 25, 2015 · 9 comments

@totpero
Contributor

totpero commented Mar 25, 2015

Hello,

I am trying to use EnablePostSignOutAutoRedirect and it does not work. How do I set this option?

On the server I have these settings:

The client settings:

new Client()
                {
                    Enabled = true,             
                    ClientId = "app1",
                    ClientName = "Aplicatie 1",

                    Flow = Flows.Implicit,

                    RequireConsent = true,
                    AllowRememberConsent = true,

                    RedirectUris = new List<string>
                    {                        
                        // app1 middleware client
                        "http://localhost:6344/"
                    },

                    PostLogoutRedirectUris = new List<string>
                    {
                        "http://localhost:6344/"
                    },

                    IdentityTokenLifetime = 360,
                    AccessTokenLifetime = 3600                    
                },

The server config:

var options = new IdentityServerOptions
            {
                SiteName = "Autentification",
                RequireSsl = false,
                SigningCertificate = Certificate.Load(),
                CorsPolicy = CorsPolicy.AllowAll,

                Factory = InMemoryFactory.Create(
                    users: Users.Get(),
                   clients: Clients.Get(),
                    scopes: Scopes.Get()
                ),
                AuthenticationOptions = new AuthenticationOptions
                {
                    IdentityProviders = ConfigureAdditionalIdentityProviders,
                    EnablePostSignOutAutoRedirect = true,
                    EnableSignOutPrompt = false,
                },
            };

            app.Map("/identity", idsrvApp => idsrvApp.UseIdentityServer(options));

And in my client app I have this:

 app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
            {
                ClientId = "app1",
                Authority = "http://localhost:6164/identity",
                RedirectUri =  "http://localhost:6344/",
                PostLogoutRedirectUri = "http://localhost:6344/",
                ResponseType = "code id_token token",
                Scope = "openid email roles",

                SignInAsAuthenticationType = "Cookies",
               ....

What is wrong?
The logout redirect link is not shown if I only set PostLogoutRedirectUri on the client app and set PostLogoutRedirectUris on the server Client?

Do I need to do something else?

@brockallen
Member

At logout the client must also pass the id token via the id token hint param. The Katana middleware doesn't do this automatically. Check the OIDC Katana sample.

-Brock


@totpero
Contributor Author

totpero commented Mar 25, 2015

I tried adding this to the client, but it does not work:

Notifications = new OpenIdConnectAuthenticationNotifications
                {
                    SecurityTokenValidated = async n =>
                    {
                        var id = n.AuthenticationTicket.Identity;

                        id.AddClaim(new Claim("id_token", n.ProtocolMessage.IdToken));
                        n.AuthenticationTicket = new AuthenticationTicket(
                               id,
                               n.AuthenticationTicket.Properties);
                    },


                    RedirectToIdentityProvider = async n =>
                    {
                        if (n.ProtocolMessage.RequestType == OpenIdConnectRequestType.LogoutRequest)
                        {
                            // Guard against sessions that carry no stored id_token claim.
                            var idTokenHint = n.OwinContext.Authentication.User.FindFirst("id_token");
                            if (idTokenHint != null)
                            {
                                n.ProtocolMessage.IdTokenHint = idTokenHint.Value;
                            }
                        }
                    }
                }

@brockallen
Member

Then the only other suggestion is to check the identity server logs.

-Brock


@totpero
Contributor Author

totpero commented Mar 26, 2015

I solved this problem, thanks.

@bychkov

bychkov commented Mar 31, 2015

I'm trying to implement the same functionality, but having a hard time getting the id_token. Could you post your solution here?

@j3ffb

j3ffb commented Apr 7, 2015

I would also be interested in seeing how you got this working. Thanks.

@bychkov

bychkov commented Apr 7, 2015

For me it was a combination of 3 things to make it work:

  1. Notifications from totpero
  2. PostLogoutRedirectUris in client configuration
  3. SignOut action on HomeController:

    public ActionResult Signout()
    {
        Request.GetOwinContext().Authentication.SignOut(new AuthenticationProperties()
        {
            RedirectUri = "https://localhost:44300/"
        });
        return Redirect("~/");
    }

@totpero
Contributor Author

totpero commented Apr 8, 2015

Yes, these are the steps.
It is very important that the URI in the client's PostLogoutRedirectUris is correct. To verify this, you need to activate the log and see if there are any errors there.
Also, without the Notifications part it doesn't work.
And for the logout action, only this is OK:

 public ActionResult Signout()
        {
            if (Request.GetOwinContext().Authentication.User.Identity.IsAuthenticated)
            {
                Request.GetOwinContext().Authentication.SignOut();
            }
            return Redirect("~/");
        }

@IainJ

IainJ commented Jul 21, 2015

Just to clarify what @totpero said - You must make sure you have an entry in your Client()'s PostLogoutRedirectUri collection which corresponds to the PostLogoutRedirectUri you're attempting to redirect to from your app.

If you don't, you'll see an "Invalid post logout URI" error in your log.
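
The server-side decision that the answers in this thread depend on, as an added example that is not part of the thread and not IdentityServer3's own code: the redirect is only followed when the logout request carries an id_token_hint identifying the client and the requested URI exactly matches one registered for that client. All type and member names are hypothetical, the registry is constructed from the thread's "app1" settings, and the exact string comparison is an assumption about how the match is made.

```csharp
using System;
using System.Collections.Generic;

// Added illustration; all names here are hypothetical.
public enum LogoutDecision { NoRedirect, InvalidPostLogoutUri, Redirect }

public static class EndSessionCheck
{
    // Constructed registry mirroring the thread's client "app1".
    static readonly Dictionary<string, List<string>> Registered =
        new Dictionary<string, List<string>>(StringComparer.Ordinal)
        {
            { "app1", new List<string> { "http://localhost:6344/" } }
        };

    // clientIdFromHint: audience of an id_token_hint whose signature and issuer
    // were already validated by the server; null when the client sent no hint.
    public static LogoutDecision Decide(string clientIdFromHint, string postLogoutRedirectUri)
    {
        // Without a hint the server cannot tell which client is asking,
        // so it shows its own logged-out page and never redirects.
        if (string.IsNullOrEmpty(clientIdFromHint) || string.IsNullOrEmpty(postLogoutRedirectUri))
            return LogoutDecision.NoRedirect;

        List<string> allowed;
        if (!Registered.TryGetValue(clientIdFromHint, out allowed))
            return LogoutDecision.InvalidPostLogoutUri;

        // Exact, case-sensitive match. No prefix or host-only comparison, so a
        // missing trailing slash or an appended path is rejected, which keeps
        // the logout endpoint from acting as an open redirector.
        return allowed.Contains(postLogoutRedirectUri)
            ? LogoutDecision.Redirect
            : LogoutDecision.InvalidPostLogoutUri;
    }

    public static void Main()
    {
        // Constructed requests: no hint, registered URI, missing trailing
        // slash, and a URI on a host the client never registered.
        Console.WriteLine(Decide(null, "http://localhost:6344/"));
        Console.WriteLine(Decide("app1", "http://localhost:6344/"));
        Console.WriteLine(Decide("app1", "http://localhost:6344"));
        Console.WriteLine(Decide("app1", "http://other.example/"));
    }
}
```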
