- ABP Framework version: v8.2.0
- UI Type: Blazor Server
- Database System: EF Core
- Tiered (for MVC) or Auth Server Separated (for Angular): yes
Hi,
We have integrated Azure AD authentication in our application. However, when we try to log out, it does not log out from Azure AD. Can you please guide us on how to implement logout from an external provider in ABP?
10 Answer(s)
-
0
Hi,
What we are looking for is to log out from the external provider by invoking the end session endpoint and performing a single sign-out. We have registered Azure AD as an external provider in the auth server using OpenID Connect with dynamic options. So, when we log out, we want to redirect to the Azure AD logout URI.
-
0
Hi,
After my check, this is the default behavior.
If you want to log out from Azure AD, you need to redirect manually.
For example:
```csharp
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Mvc;
using Volo.Abp.Account.Public.Web.Pages.Account; // commercial Account module pages
using Volo.Abp.DependencyInjection;
using Volo.Abp.Identity;

// Replaces the Account module's LogoutModel page model.
[Dependency(ReplaceServices = true)]
[ExposeServices(typeof(LogoutModel))]
public class MyLoginOutModel : LogoutModel
{
    public override async Task<IActionResult> OnGetAsync()
    {
        if (CurrentUser.IsAuthenticated)
        {
            // Record the logout in the identity security log.
            await IdentitySecurityLogManager.SaveAsync(new IdentitySecurityLogContext
            {
                Identity = IdentitySecurityLogIdentityConsts.Identity,
                Action = IdentitySecurityLogActionConsts.Logout
            });
        }

        // await SignInManager.SignOutAsync();
        await HttpContext.SignOutAsync(ConfirmUserModel.ConfirmUserScheme);
        await HttpContext.SignOutAsync(ChangePasswordModel.ChangePasswordScheme);

        // redirect to azure id
        return Redirect("https://login.microsoftonline.com/common/oauth2/v2.0/logout?post_logout_redirect_uri=https://localhost:44382/Account/Login");
    }
}
```
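An added example, not part of the original answer and not ABP's own code: a helper that builds the logout URL used in the manual redirect above for a configured tenant, URL-encodes `post_logout_redirect_uri`, and accepts only targets from an allowlist. `AzureAdLogoutUrl`, `Build` and the allowlist parameter are hypothetical names, and the usage comment assumes an injected `IConfiguration` named `configuration` that holds `AzureAd:TenantId`.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Added example (hypothetical helper, not ABP or Microsoft code).
public static class AzureAdLogoutUrl
{
    // Tenant aliases accepted besides a tenant GUID. Domain-style tenant
    // names are rejected by this example; extend the check if you use them.
    private static readonly HashSet<string> TenantAliases =
        new(StringComparer.OrdinalIgnoreCase) { "common", "organizations", "consumers" };

    // tenantId: assumed to be the AzureAd:TenantId setting.
    // allowedRedirectUris: constructed allowlist; keep it identical to the
    // redirect URIs registered for the application.
    public static string Build(
        string tenantId,
        string postLogoutRedirectUri,
        IReadOnlyCollection<string> allowedRedirectUris)
    {
        if (!Guid.TryParse(tenantId, out _) && !TenantAliases.Contains(tenantId))
            throw new ArgumentException("Tenant must be a GUID or a known alias.", nameof(tenantId));

        if (!Uri.TryCreate(postLogoutRedirectUri, UriKind.Absolute, out var target)
            || target.Scheme != Uri.UriSchemeHttps)
            throw new ArgumentException("Redirect URI must be an absolute https URL.", nameof(postLogoutRedirectUri));

        // Exact, case-sensitive match: no prefix or host-only comparison.
        if (!allowedRedirectUris.Contains(postLogoutRedirectUri, StringComparer.Ordinal))
            throw new ArgumentException("Redirect URI is not in the allowlist.", nameof(postLogoutRedirectUri));

        // EscapeDataString keeps the target's own query string and fragment
        // from being parsed as parameters of the logout request.
        return $"https://login.microsoftonline.com/{tenantId}/oauth2/v2.0/logout" +
               $"?post_logout_redirect_uri={Uri.EscapeDataString(postLogoutRedirectUri)}";
    }
}

// Usage inside OnGetAsync, with the page's sample values:
//   var allowed = new[] { "https://localhost:44382/Account/Login" };
//   return Redirect(AzureAdLogoutUrl.Build(
//       configuration["AzureAd:TenantId"], allowed[0], allowed));
```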
-
0
Hi,
It works for me
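```csharp
// Inside ConfigureServices of the module class.
// Namespaces used: Microsoft.AspNetCore.Authentication, System.Security.Claims,
// Microsoft.IdentityModel.Protocols.OpenIdConnect
context.Services.AddAuthentication()
    .AddOpenIdConnect("AzureOpenId", "Azure AD OpenId", options =>
    {
        options.Authority = "https://login.microsoftonline.com/" + configuration["AzureAd:TenantId"] + "/v2.0/";
        options.ClientId = configuration["AzureAd:ClientId"];
        options.ResponseType = OpenIdConnectResponseType.CodeIdToken;
        options.CallbackPath = configuration["AzureAd:CallbackPath"];
        options.ClientSecret = configuration["AzureAd:ClientSecret"];
        // Turns off the HTTPS requirement for the metadata address; leave it enabled outside development.
        options.RequireHttpsMetadata = false;
        options.SaveTokens = true;
        options.GetClaimsFromUserInfoEndpoint = true;
        options.Scope.Add("email");
        options.ClaimActions.MapJsonKey(ClaimTypes.NameIdentifier, "sub");
    });
```

```csharp
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Mvc;
using Volo.Abp.Account.Public.Web.Pages.Account; // commercial Account module pages
using Volo.Abp.DependencyInjection;
using Volo.Abp.Identity;

[Dependency(ReplaceServices = true)]
[ExposeServices(typeof(LogoutModel))]
public class MyLoginOutModel : LogoutModel
{
    public override async Task<IActionResult> OnGetAsync()
    {
        if (CurrentUser.IsAuthenticated)
        {
            // Record the logout in the identity security log.
            await IdentitySecurityLogManager.SaveAsync(new IdentitySecurityLogContext
            {
                Identity = IdentitySecurityLogIdentityConsts.Identity,
                Action = IdentitySecurityLogActionConsts.Logout
            });
        }

        // await SignInManager.SignOutAsync();
        await HttpContext.SignOutAsync(ConfirmUserModel.ConfirmUserScheme);
        await HttpContext.SignOutAsync(ChangePasswordModel.ChangePasswordScheme);

        // Sign out through the "AzureOpenId" scheme registered above.
        return SignOut("AzureOpenId");
    }
}
```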
-
0
The following is our configuration. Added client credentials as dynamic options, so that each tenant can configure their own credentials.
OnGetAsync of logout model is not even getting executed. Is there anything else I have to do to make this work? Is the configuration added in Auth Server in the sample you provided?
-
0
Is the configuration added in Auth Server in the sample you provided?
No, I didn't do any other configuration. That's all.
You can share a simple example with me; I will check it.
My email is shiwei.liang@volosoft.com
-
0
Hi,
I have just added the configuration as mentioned in the document.
https://docs.abp.io/en/commercial/latest/modules/account#ipostconfigureaccountexternalprovideroptions
I have also added dynamic options configuration in the identity service. Login is working perfectly. When I checked the AbpAccountAuthenticationRequestHandler I couldn't find any handling for Signout.
-
0
You can share a simple example with me; I will check it.