
Troubleshooting post logout redirect parameter issue #6397


ademaygun created
  • ABP Framework version: v5.3.3
  • UI Type: Angular
  • Database System: EF Core (SQL Server, Oracle, MySQL, PostgreSQL, etc..)
  • Tiered (for MVC) or Auth Server Separated (for Angular): no
  • Exception message and full stack trace:
  • Steps to reproduce the issue:

I have an ABP project (account.abc.com), and another project (xyz.abc.com, not an ABP project) uses this project as an external login.

When we log out on xyz.abc.com, it sends post_logout_redirect_uri as a parameter, but the logout redirect is not working. I noticed that in my ABP projects, this parameter is sent as PostLogoutRedirectUri. I saw on the IDS page that it is used as post_logout_redirect_uri. We are unable to convince the team developing xyz.abc.com to make the change from post_logout_redirect_uri to PostLogoutRedirectUri.

In summary, even if post_logout_redirect_uri is sent as a parameter, how can we ensure that the logout process works?


6 Answer(s)
  • liangshiwei created
    Support Team Fullstack Developer

    Hi,

    https://identityserver4.readthedocs.io/en/latest/endpoints/endsession.html#example

    I think there is no problem. First, you should add the PostLogoutRedirectUri to xyz.abc.com's IdentityServer client.

    Second, configure the RedirectAllowedUrls in the appsettings.json file.

  • liangshiwei created
    Support Team Fullstack Developer

    And could you share the logs of account.abc.com?

  • ademaygun created

    Hi Liangshiwei,

    The logout redirect URLs are already defined; however, if the logout URL is as follows, it does not perform any redirection:

    https://account.abc.com/Account/LoggedOut?ClientName=Abc_App&post_logout_redirect_uri=https%3A%2F%2Fxyz.com&Culture=en&UICulture=en&PageContext=Microsoft.AspNetCore.Mvc.RazorPages.PageContext

    If the link is in the following format, it successfully redirects:

    https://account.abc.com/Account/LoggedOut?ClientName=Abc_App&PostLogoutRedirectUri=https%3A%2F%2Fxyz.com&Culture=en&UICulture=en&PageContext=Microsoft.AspNetCore.Mvc.RazorPages.PageContext

    Note: This issue is not reflected in the logs.

  • liangshiwei created
    Support Team Fullstack Developer

    Hi,

    Ok, I understand.

    post_logout_redirect_uri is a standard parameter of the IdentityServer /connect/endsession endpoint.

    But /Account/LoggedOut is an ABP Razor page; that's why post_logout_redirect_uri will not work.

    You can rename the parameter via middleware, for example:

    using System.Threading.Tasks;
    using Microsoft.AspNetCore.Http;

    public class AccountLogoutQueryStringMiddleware
    {
        private readonly RequestDelegate _next;

        public AccountLogoutQueryStringMiddleware(RequestDelegate next)
        {
            _next = next;
        }

        public async Task InvokeAsync(HttpContext context)
        {
            // Only touch requests for ABP's logged-out Razor page.
            if (context.Request.Path.ToString().Contains("Account/LoggedOut"))
            {
                // Copy the standard parameter to the name the Razor page expects.
                if (context.Request.Query.ContainsKey("post_logout_redirect_uri"))
                {
                    context.Request.QueryString = context.Request.QueryString.Add(
                        "PostLogoutRedirectUri",
                        context.Request.Query["post_logout_redirect_uri"].ToString());
                }
            }

            await _next(context);
        }
    }

    // In the application's module class:
    public override void OnApplicationInitialization(ApplicationInitializationContext context)
    {
        var env = context.GetEnvironment();
        var app = context.GetApplicationBuilder();

        app.UseMiddleware<AccountLogoutQueryStringMiddleware>();

        // .......
    }
    
  • ademaygun created

    Hi, I just realized that xyz.com comes to us with the following link:

    https://account.abc.com/connect/endsession?post_logout_redirect_uri=https://xyz.com&client_id=Xyz_App

    I customized the code as follows:

    public async Task InvokeAsync(HttpContext context)
    {
        // Intercept the standard end-session endpoint and hand off to ABP's logged-out page.
        if (context.Request.Path.StartsWithSegments("/connect/endsession"))
        {
            var postLogoutRedirectUri = context.Request.Query["post_logout_redirect_uri"].ToString();
            var clientId = context.Request.Query["client_id"].ToString();

            // Escape both values so they cannot add or override query parameters.
            var redirectUrl = "/Account/LoggedOut" +
                $"?PostLogoutRedirectUri={Uri.EscapeDataString(postLogoutRedirectUri)}" +
                $"&ClientName={Uri.EscapeDataString(clientId)}";

            context.Response.Redirect(redirectUrl);
            return;
        }

        await _next(context);
    }
    

    Thank you for your response. I have resolved my issue. However, I need to mention the following as well:

    • The ABP framework should handle a standard link like the one mentioned above (connect/endsession).
    • It redirects regardless of what we send to the redirect URL; it does not perform any checks (it might be a bug).

    EDIT (2024-08-01):

    The client application was not sending the id_token_hint during the invocation of /connect/endsession. Therefore, we removed the custom middleware. The system is now functioning in compliance with the standard.

  • liangshiwei created
    Support Team Fullstack Developer

    Hi,

    Good to see that the problem has been fixed.

    "The Abp framework should handle a standard link like the one mentioned above (connect/endsession)."

    I will check it.

    "It redirects regardless of what we send to the redirect URL; it does not perform any checks (It might be a bug)"

    The problem has been fixed in the next version.
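
The missing check raised in the thread (the logged-out page redirecting to whatever value it receives) can be closed by resolving the requested URI against the values registered for the client before redirecting. The sketch below is an added example, not ABP or IdentityServer code; the `PostLogoutRedirectValidator` class, its `Resolve` method and the in-memory registration table are hypothetical, and the client id and URI are the ones quoted in the thread.

```csharp
#nullable enable
using System;
using System.Collections.Generic;

public static class PostLogoutRedirectValidator
{
    // Constructed registration data: client id -> registered post-logout redirect URIs.
    private static readonly Dictionary<string, HashSet<string>> Registered =
        new(StringComparer.Ordinal)
        {
            ["Xyz_App"] = new HashSet<string>(StringComparer.Ordinal) { "https://xyz.com" }
        };

    // Returns the URI to redirect to, or null when the logged-out page must not redirect.
    public static string? Resolve(string? clientId, string? requestedUri)
    {
        if (string.IsNullOrEmpty(clientId) || string.IsNullOrEmpty(requestedUri))
            return null;

        // Unknown client: nothing is registered, so nothing is allowed.
        if (!Registered.TryGetValue(clientId, out var uris))
            return null;

        // Only absolute http(s) URIs are candidates; other schemes and relative values are dropped.
        if (!Uri.TryCreate(requestedUri, UriKind.Absolute, out var parsed) ||
            (parsed.Scheme != Uri.UriSchemeHttps && parsed.Scheme != Uri.UriSchemeHttp))
            return null;

        // Exact, case-sensitive match on the raw value: no prefix, suffix or host-only matching.
        return uris.Contains(requestedUri) ? requestedUri : null;
    }

    public static void Main()
    {
        // Constructed sample requests.
        var samples = new[]
        {
            ("Xyz_App", "https://xyz.com"),              // the registered value
            ("Xyz_App", "https://xyz.com.example.net"),  // different host sharing a prefix
            ("Xyz_App", "/Account/Login"),               // relative value
            ("Other_App", "https://xyz.com"),            // client with no registration
        };
        foreach (var (client, uri) in samples)
            Console.WriteLine($"{client} {uri} -> {Resolve(client, uri) ?? "(no redirect)"}");
    }
}
```

A custom middleware like the one posted above would call `Resolve` and issue the redirect only for a non-null result, showing the plain logged-out page otherwise.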

Made with ❤️ on ABP v9.2.0-preview. Updated on March 20, 2025, 18:00