Open Closed

I added external Idsrv4 to the abp Idsrv - I want to logout form external Idsrv4 after logout from my app. #2947


User avatar
0
mostafa_ibrahem22@hotmail.com created

ABP Framework version: commercial v 5.1.3 UI type: Angular DB provider: EF Core Tiered (MVC) or Identity Server Separated (Angular): yes

I added external Idsrv4 to the abp Idsrv I want to logout form external Idsrv4 after logout from my app.

        context.Services.AddAuthentication()
        .AddJwtBearer(options =>
        {
            options.Authority = configuration["AuthServer:Authority"];
            options.RequireHttpsMetadata = Convert.ToBoolean(configuration["AuthServer:RequireHttpsMetadata"]);
            options.Audience = configuration["AuthServer:ApiName"];
        }).AddOpenIdConnect("oidc", options =>
        {
            options.Authority = "https://localhost:44382/";
            options.ClientId = "main_core_idsrv";
            options.ClientSecret = "main_core_idsrv_secret_mvc";
            
            options.ClaimActions.MapJsonKey(ClaimTypes.NameIdentifier, "sub");
            
            options.ResponseType = OpenIdConnectResponseType.Code;
            options.SaveTokens = true;
            options.GetClaimsFromUserInfoEndpoint = true;   
            
            options.Scope.Clear();
            options.Scope.Add("openid");
            options.Scope.Add("profile");
            options.Scope.Add("email");
            
            options.Events = new OpenIdConnectEvents
            {
                OnTokenValidated = context =>
                {
                    var userID = context.Principal.FindFirstValue("sub");
                    return Task.CompletedTask;
                }};
        });

10 Answer(s)
  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    Hi,

    You can call await HttpContext.SignOutAsync("oidc");

  • User Avatar
    0
    gterdem created
    Senior .NET Developer

    You need to configure front-channel (or back-channel) logout for the external identityserver if you want to sign out from the it as well whenever you logout from abp identityserver.

    Abp IdentityServes has this feature implemented. However, you need to manually add it to the external identityserver.

    You can check:

    • https://docs.identityserver.io/en/latest/topics/signout.html#notifying-clients-that-the-user-has-signed-out
    • https://stackoverflow.com/questions/47621453/how-to-enable-front-channel-or-back-channel-logout-in-identityserver4
  • User Avatar
    0
    mostafa_ibrahem22@hotmail.com created

    which page can I write this code?

  • User Avatar
    0
    gterdem created
    Senior .NET Developer

    Logout page of external IdentityServer which will announce clients to sign out.

  • User Avatar
    0
    mostafa_ibrahem22@hotmail.com created

    please write full code for solution. in normal application without abp can ease implementation,

    in normal application SignOut("cookies","oidc"); is enough, but in abp with angular how can get id_token to call end session in external Idsv.

  • User Avatar
    0
    gterdem created
    Senior .NET Developer

    This is not related to ABP. As I mentioned above, to sign out from external identityserver; you need to implement front-channel or back-channel logout mechanism to the external identityserver.

  • User Avatar
    0
    mostafa_ibrahem22@hotmail.com created

    implement front-channel or back-channel logout mechanism to the external identityserver already exists but how call SignOut("cookies","oidc"); in abp identityserver.

  • User Avatar
    0
    gterdem created
    Senior .NET Developer

    implement front-channel or back-channel logout mechanism to the external identityserver already exists but how call SignOut("cookies","oidc"); in abp identityserver.

    It is a mechanism. You don't call signout manually. You return a LoggedOutView that includes iframe that calls the callback of the other clients. Then you need to specify which client is enabled the front channel and on which endpoint.

    See the links I have shared above.

  • User Avatar
    0
    mostafa_ibrahem22@hotmail.com created

    how make these "You return a LoggedOutView that includes iframe that calls the callback of the other clients."?

  • User Avatar
    0
    gterdem created
    Senior .NET Developer

    With something like:

    [HttpPost]
    [ValidateAntiForgeryToken]
    public async Task<IActionResult> Logout(LogoutInputModel model)
    {
       // build a model so the logged out page knows what to display
       var vm = await BuildLoggedOutViewModelAsync(model.LogoutId);
       ...
       return View("LoggedOut", vm);
    }
    

    LoggedOut.cshtml:

    @model LoggedOutViewModel
    
    <div class="page-header logged-out">
       <small>You are now logged out</small>
       ...
       @if (Model.SignOutIframeUrl != null)
       {
           <iframe width="0" height="0" class="signout" src="@Model.SignOutIframeUrl"></iframe>
       }
    </div>
    

    Taken from https://stackoverflow.com/a/55312218/2594735

    Also, this is not related to ABP. You can get better and faster results from asking to stackoverflow or the identityserver github issue tracker.

Made with ❤️ on ABP v9.1.0-preview. Updated on November 11, 2024, 11:11