
I'm using OpenID Connect and OAuth 2.0 to authenticate and authorize users directly against AD FS 4.0. I added my Angular + ASP.NET Core app as a Native and a Web API application to Application groups, and provided a list of Redirect URIs for the Native app.

When users log out from the application they are not redirected to the login page. I checked the answer ADFS 2016 oAuth not redirecting to login page after logout, but in my case id_token_hint and post_logout_redirect_uri are specified:

GET https://<server-name>/adfs/ls/?wa=wsignoutcleanup1.0&id_token_hint=<current_Id_Token>&post_logout_redirect_uri=http://localhost:5000 HTTP/1.1

http://localhost:5000 is added to the list of Redirect URIs in the native application properties. Also, no error or warning can be found in the AD FS logs with tracing enabled.

Did I miss something when setting some AD FS properties?

kvn92

2 Answers


I ran into this many years ago on ADFS 2.1 - I seem to remember that the post logout redirect URI had to be on the same domain as the normal login redirect URI.

Try redirecting back to your own app and then doing a response.redirect to the final location.

Gary Archer

As described here, you could try using the OpenID Connect Frontchannel Logout mechanism, which is supported by AD FS.

Go to https://server-name/adfs/.well-known/openid-configuration and check whether the frontchannel logout mechanism is supported by verifying that the following entries are present:

end_session_endpoint: "https://<server-name>/adfs/oauth2/logout",
...
frontchannel_logout_supported: true,
frontchannel_logout_session_supported: true,

Thereafter, you add a logout URI to your server/native app in AD FS by executing:

Set-AdfsServerApplication -TargetIdentifier <id> -LogoutUri http://localhost:5000/logout

Finally, you can log out by calling:

https://<server-name>/adfs/oauth2/logout?id_token_hint=XXXXX&post_logout_redirect_uri=http://localhost:5080
pero_hero
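The flow in the answer above, as an added example that is not part of the question or either answer: building the end-session URL from the discovery fields the answer lists, and deciding whether a front-channel logout request hitting the app's LogoutUri should clear the local session. The discovery document, registered redirect URIs, token and session id are constructed sample values; the exact-match check on the post-logout URI is this example's own assumption, not a statement of how AD FS compares them.

```javascript
// Constructed sample of the fields the answer says to check in
// https://<server-name>/adfs/.well-known/openid-configuration
const discovery = {
  issuer: 'https://adfs.example.test/adfs',
  end_session_endpoint: 'https://adfs.example.test/adfs/oauth2/logout',
  frontchannel_logout_supported: true,
  frontchannel_logout_session_supported: true,
};

// Redirect URIs registered on the AD FS application (constructed values).
const registeredRedirectUris = ['http://localhost:5000', 'http://localhost:5000/callback'];

// Build the RP-initiated logout URL. Throws when the discovery document does
// not advertise logout support or when the post-logout URI is not in the
// registered list, the two configuration problems the thread discusses.
function buildEndSessionUrl(disc, idToken, postLogoutRedirectUri, registered) {
  if (!disc.end_session_endpoint || !disc.frontchannel_logout_supported) {
    throw new Error('discovery document does not advertise front-channel logout');
  }
  // Assumption for this example: exact string match, so a typo such as
  // "http:/localhost:5000" (one slash) is caught before the redirect.
  if (!registered.includes(postLogoutRedirectUri)) {
    throw new Error(`post_logout_redirect_uri not registered: ${postLogoutRedirectUri}`);
  }
  const url = new URL(disc.end_session_endpoint);
  // URLSearchParams percent-encodes the token and URI for the query string.
  url.search = new URLSearchParams({
    id_token_hint: idToken,
    post_logout_redirect_uri: postLogoutRedirectUri,
  }).toString();
  return url.toString();
}

// Handle a GET to the app's LogoutUri (the -LogoutUri value set with
// Set-AdfsServerApplication). OIDC Front-Channel Logout 1.0 requires the OP
// to send iss and sid when frontchannel_logout_session_supported is true;
// only clear the session when both match the issuer and the current session,
// so an unrelated page loading the URL cannot log the user out.
function shouldClearSession(queryString, disc, currentSid) {
  const params = new URLSearchParams(queryString);
  return params.get('iss') === disc.issuer && params.get('sid') === currentSid;
}
```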