0

I'm having a strange problem on ADFS 2016. I have an Angular application that uses ng2-adal js to handle authentication and authorization of the application. When users logout from the application, they are not redirected back to the login page. I enabled debug traces in Event Viewer for ADFS and the error is:

OAuthSignoutProtocolHandler.ValidatePostLogoutRedirectUri: Validation result: False. RedirectUrl: http://localhost:4200/login

The specified redirect URL did not match any of the OAuth client's redirect URIs. The logout was successful but the client will not be redirected.

URL: http://localhost:4200/login

I have used the ADFS 2016 Application Groups, there i have my Native Client with this Redirect URL. If URL didn't exist users wouldn't be able to login in the first place.

Any help is much appreciated.

Ricky Stam
  • 2,116
  • 21
  • 25
  • Have you followed the steps at https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/development/ad-fs-logout-openid-connect for the ADFS configuration? – SamuelD MSFT Jan 17 '18 at 13:38

1 Answers1

2

Based on this github issue: https://github.com/AzureAD/azure-activedirectory-library-for-js/issues/677

I was able to logout and redirect back to login by adding the id_token_hint as an url parameter in the logout url.

The value of id_token_hint has to be the token received by ADFS. It is stored in SessionStorage (by default) and can be read like sessionStorage.getItem('adal.idtoken')

Ricky Stam
  • 2,116
  • 21
  • 25