
Logout from External Provider #7453


neethucp created
  • ABP Framework version: v8.2.0
  • UI Type: Blazor Server
  • Database System: EF Core
  • Tiered (for MVC) or Auth Server Separated (for Angular): yes

Hi,

We have integrated Azure AD authentication in our application. However, when we try to log out, it does not log out from Azure AD. Can you please guide us on how to implement logout from an external provider in ABP?


10 Answer(s)
  • liangshiwei created
    Support Team Fullstack Developer

    Hi,

    It is already like this: https://support.abp.io/QA/Questions/5244/B2C-user-is-logged-in-as-local-user-on-signup-flow

  • neethucp created

    Hi,

    What we are looking for is to log out from the external provider by invoking the end session endpoint, and perform a single sign-out. We have registered Azure AD as an external provider in the auth server using OpenID Connect with dynamic options. So, when we log out, we want to redirect to the Azure AD logout URI.

  • liangshiwei created
    Support Team Fullstack Developer

    Hi,

    After my check, this is the default behavior.

    If you want to log out from Azure AD, you need to redirect manually.

    For example:

    [Dependency(ReplaceServices = true)]
    [ExposeServices(typeof(LogoutModel))]
    public class MyLoginOutModel : LogoutModel
    {
        public override async Task<IActionResult> OnGetAsync()
        {
            if (CurrentUser.IsAuthenticated)
            {
                await IdentitySecurityLogManager.SaveAsync(new IdentitySecurityLogContext
                {
                    Identity = IdentitySecurityLogIdentityConsts.Identity,
                    Action = IdentitySecurityLogActionConsts.Logout
                });
            }
            // Sign out of the local Identity cookie and the temporary account schemes.
            await SignInManager.SignOutAsync();
            await HttpContext.SignOutAsync(ConfirmUserModel.ConfirmUserScheme);
            await HttpContext.SignOutAsync(ChangePasswordModel.ChangePasswordScheme);

            // Redirect to the Azure AD logout endpoint.
            return Redirect("https://login.microsoftonline.com/common/oauth2/v2.0/logout?post_logout_redirect_uri=https://localhost:44382/Account/Login");
    
        }
    }
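
Added example, not part of the original thread or of ABP's code: instead of hard-coding the logout redirect as in the answer above, this C# helper builds the OpenID Connect RP-initiated logout URL with every parameter URL-encoded and rejects any return URL that is not on an exact-match allow-list. The `EndSessionUrl` class, its `Build` method, the allow-list and the token and state values are assumptions made for illustration; the endpoint and return URL are the ones in the post.

```csharp
#nullable enable
using System;
using System.Collections.Generic;

// Hypothetical helper (not an ABP or ASP.NET Core type).
public static class EndSessionUrl
{
    // Exact-match allow-list of post-logout return URLs (value taken from the post above).
    private static readonly HashSet<string> AllowedReturnUrls = new(StringComparer.Ordinal)
    {
        "https://localhost:44382/Account/Login"
    };

    public static string Build(string endSessionEndpoint, string returnUrl,
                               string? idTokenHint = null, string? state = null)
    {
        // The endpoint is normally the discovery document's end_session_endpoint; require absolute HTTPS.
        if (!Uri.TryCreate(endSessionEndpoint, UriKind.Absolute, out var endpoint)
            || endpoint.Scheme != Uri.UriSchemeHttps)
            throw new ArgumentException("End-session endpoint must be an absolute https URL.", nameof(endSessionEndpoint));

        // Never reflect a request-supplied return URL: anything unregistered is refused.
        if (!AllowedReturnUrls.Contains(returnUrl))
            throw new ArgumentException("post_logout_redirect_uri is not on the allow-list.", nameof(returnUrl));

        var query = new List<string> { "post_logout_redirect_uri=" + Uri.EscapeDataString(returnUrl) };
        // id_token_hint tells the provider which session is ending; state is echoed back to the return URL.
        if (!string.IsNullOrEmpty(idTokenHint)) query.Add("id_token_hint=" + Uri.EscapeDataString(idTokenHint));
        if (!string.IsNullOrEmpty(state)) query.Add("state=" + Uri.EscapeDataString(state));

        // Keep any query string the endpoint already carries.
        var separator = string.IsNullOrEmpty(endpoint.Query) ? "?" : "&";
        return endpoint.AbsoluteUri + separator + string.Join("&", query);
    }

    public static void Main()
    {
        // Constructed sample values: the token and state below are placeholders, not real data.
        var url = Build(
            "https://login.microsoftonline.com/common/oauth2/v2.0/logout",
            "https://localhost:44382/Account/Login",
            idTokenHint: "CONSTRUCTED.ID.TOKEN",
            state: "constructed-state-123");
        Console.WriteLine(url);
    }
}
```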
    
  • neethucp created

    Hi,

    I tried extending LogoutModel. But it is not getting invoked. I also tried extending the LogoutController and adding the following in GetAsync method. But I'm getting an error.

  • liangshiwei created
    Support Team Fullstack Developer

    Hi,

    It works for me

    context.Services.AddAuthentication()
        .AddOpenIdConnect("AzureOpenId", "Azure AD OpenId", options =>
        {
            options.Authority = "https://login.microsoftonline.com/" + configuration["AzureAd:TenantId"] + "/v2.0/";
            options.ClientId = configuration["AzureAd:ClientId"];
            options.ResponseType = OpenIdConnectResponseType.CodeIdToken;
            options.CallbackPath = configuration["AzureAd:CallbackPath"];
            options.ClientSecret = configuration["AzureAd:ClientSecret"];
            // Development only: keep the default (true) in production so metadata is fetched over HTTPS only.
            options.RequireHttpsMetadata = false;
            options.SaveTokens = true;
            options.GetClaimsFromUserInfoEndpoint = true;
            options.Scope.Add("email");
            options.ClaimActions.MapJsonKey(ClaimTypes.NameIdentifier, "sub");
        });
    
    [Dependency(ReplaceServices = true)]
    [ExposeServices(typeof(LogoutModel))]
    public class MyLoginOutModel : LogoutModel
    {
        public override async Task<IActionResult> OnGetAsync()
        {
            if (CurrentUser.IsAuthenticated)
            {
                await IdentitySecurityLogManager.SaveAsync(new IdentitySecurityLogContext
                {
                    Identity = IdentitySecurityLogIdentityConsts.Identity,
                    Action = IdentitySecurityLogActionConsts.Logout
                });
            }
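            // Sign out of the local Identity cookie and the temporary account schemes.
            await SignInManager.SignOutAsync();
            await HttpContext.SignOutAsync(ConfirmUserModel.ConfirmUserScheme);
            await HttpContext.SignOutAsync(ChangePasswordModel.ChangePasswordScheme);

            // Let the "AzureOpenId" OpenID Connect handler redirect to the provider's end-session endpoint.
            return SignOut("AzureOpenId");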
        }
    }
    
  • liangshiwei created
    Support Team Fullstack Developer

  • neethucp created

    The following is our configuration. Added client credentials as dynamic options, so that each tenant can configure their own credentials.

    OnGetAsync of logout model is not even getting executed. Is there anything else I have to do to make this work? Is the configuration added in Auth Server in the sample you provided?

  • liangshiwei created
    Support Team Fullstack Developer

    Is the configuration added in Auth Server in the sample you provided?

    No, I didn't do any other configuration. That's all.

    You can share a simple example with me; I will check it.

    My email is shiwei.liang@volosoft.com

  • neethucp created

    Hi,

    I have just added the configuration as mentioned in the document.

    https://docs.abp.io/en/commercial/latest/modules/account#ipostconfigureaccountexternalprovideroptions

    I have also added dynamic options configuration in the identity service. Login is working perfectly. When I checked the AbpAccountAuthenticationRequestHandler I couldn't find any handling for Signout.

  • liangshiwei created
    Support Team Fullstack Developer

    You can share a simple example with me; I will check it.

Made with ❤️ on ABP v8.2.0-preview Updated on March 25, 2024, 15:11