Open Closed

Troubleshooting post logout redirect parameter issue #6397


User avatar
0
ademaygun created
  • ABP Framework version: v5.3.3
  • UI Type: Angular
  • Database System: EF Core (SQL Server, Oracle, MySQL, PostgreSQL, etc..)
  • Tiered (for MVC) or Auth Server Separated (for Angular): no
  • Exception message and full stack trace:
  • Steps to reproduce the issue:

I have an ABP project (account.abc.com), and another project (xyz.abc.com, not an ABP project) uses this project as an external login.

When we log out on xyz.abc.com, it sends post_logout_redirect_uri as a parameter, but the logout redirect is not working. I noticed that in my ABP projects, this parameter is sent as PostLogoutRedirectUri. I saw on the IDS page that it is used as post_logout_redirect_uri. We are unable to convince the team developing xyz.abc.com to make the change from post_logout_redirect_uri to PostLogoutRedirectUri.

In summary, even if post_logout_redirect_uri is sent as a parameter, how can we ensure that the logout process works?


6 Answer(s)
  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    Hi,

    https://identityserver4.readthedocs.io/en/latest/endpoints/endsession.html#example

    I think there is no problem, first, you should add the PostLogoutRedirectUri to the xyz.abc.com's identityserver client.

    second, configure the RedirectAllowedUrls in the appsettings.json file.

  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    And could you share the logs of account.abc.com?

  • User Avatar
    0
    ademaygun created

    Hi Liangshiwei,

    The logout redirect URLs are already defined; however, if the logout URL is as follows, it does not perform any redirection

    https://account.abc.com/Account/LoggedOut?ClientName=Abc_App&post_logout_redirect_uri=https%3A%2F%2Fxyz.com&Culture=en&UICulture=en&PageContext=Microsoft.AspNetCore.Mvc.RazorPages.PageContext

    If the link is in the following format, it successfully redirects:

    https://account.abc.com/Account/LoggedOut?ClientName=Abc_App&PostLogoutRedirectUri=https%3A%2F%2Fxyz.com&Culture=en&UICulture=en&PageContext=Microsoft.AspNetCore.Mvc.RazorPages.PageContext

    Note: This issue is not reflected in the logs

  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    Hi,

    Ok, I understand.

    post_logout_redirect_uri is a standard IdentityServer endpoint /connect/endsession's parameter

    But /Account/LoggedOut is an ABP razor page, that's why post_logout_redirect_uri will not work.

    You can rename the parameter via middleware, for example:

    public class AccountLogoutQueryStringMiddleware
    {
        private readonly RequestDelegate _next;
    
        public AccountLogoutQueryStringMiddleware(RequestDelegate next)
        {
            _next = next;
        }
    
        public async Task InvokeAsync(HttpContext context)
        {
            if (context.Request.Path.ToString().Contains("Account/LoggedOut"))
            {
                if (context.Request.Query.ContainsKey("post_logout_redirect_uri"))
                {
                    context.Request.QueryString = context.Request.QueryString.Add("PostLogoutRedirectUri", context.Request.Query["post_logout_redirect_uri"].ToString());
                }
                    
            }
            await _next(context);
        }
    }
    
    public override void OnApplicationInitialization(ApplicationInitializationContext context)
    {
        var env = context.GetEnvironment();
        var app = context.GetApplicationBuilder();
    
        app.UseMiddleware<AccountLogoutQueryStringMiddleware>();
        
        .......
    }
    
  • User Avatar
    0
    ademaygun created

    Hi, I just realized that xyz.com comes to us with the following link:

    https://account.abc.com/connect/endsession?post_logout_redirect_uri=https://xyz.com&client_id=Xyz_App

    I customized the code as follows:

    public async Task InvokeAsync(HttpContext context)
        {
            if (context.Request.Path.StartsWithSegments("/connect/endsession"))
            {
                var postLogoutRedirectUri = context.Request.Query["post_logout_redirect_uri"].ToString();
                var clientId = context.Request.Query["client_id"].ToString();
    
                var redirectUrl = $"/Account/LoggedOut?PostLogoutRedirectUri={postLogoutRedirectUri}&ClientName={clientId}";
    
                context.Response.Redirect(redirectUrl);
                return;
            }
    
            await _next(context);
        }
    

    Thank you for your response.I have resolved my issue. However, I need to mention the following as well:

    • The Abp framework should handle a standard link like the one mentioned above (connect/endsession).
    • It redirects regardless of what we send to the redirect URL; it does not perform any checks (It might be a bug)

    EDIT (2024-08-01):

    The client application was not sending the id_token_hint during the invocation of /connect/endsession. Therefore, we removed the custom middleware. The system is now functioning in compliance with the standard

  • User Avatar
    1
    liangshiwei created
    Support Team Fullstack Developer

    Hi,

    Good to see that the problem has been fixed.

    The Abp framework should handle a standard link like the one mentioned above (connect/endsession).

    I will check it.

    It redirects regardless of what we send to the redirect URL; it does not perform any checks (It might be a bug)

    The problem has been fixed in the next version.

Made with ❤️ on ABP v9.1.0-preview. Updated on December 12, 2024, 07:15