Activities of "m.veckas"

All Question Answer
Newest Oldest
How to implement single signout using abp? #4595
Answer

Hi,

What is your login flow in the environment flow. (There is two login flows. the resource owner's password flow and standard way. Resource owner flow login in angular UI, stantart flow is redirect to Backend or Openiddict). Could you share your enviroment (sanitized by sensitive datas)

We are using standard flow

Your authentication flow is Oauth2 ? What is your SSO server? Openiddict or Magento ? Who is gave token and check them?

Yes, Oauth2. Our SSO server is Openddict

Maliming, Muhammend are sent answers. What is the problem ? which step didn't fix expectation.

When user is logging in to external application with ABP Openddict, he is logged in only in the abp backend (he is not logged in to the angular application and the session for angular application is not created). Then the user tries to log out from external application, we are redirecting the user to the angular application logout endpoint, but in angular application he is not logged in. That causes the logout problem - user is not logged out from abp, also is not redirected to the external application logout endpoint.

Steps to reproduce the issue:

  1. Login to the external application with ABP Openddict
  2. Do not open the angular application
  3. Try to logout from the external application.

Logout only works when we are logging in to the external application with ABP Openddict, then we are logging in to the angular application and only then trying to logout from external app.

How to implement single signout using abp? #4595
Question

Hello,

we are trying to implement single sign on and single logout functionality to our systems (abp self service system and Magento2 ecommerce). We have a problems with single logout. Last month we opened an issue (https://support.abp.io/QA/Questions/4229/How-to-implement-single-signout-using-abp) but it doesn't fits our requirements, because it opens an ecommerce website logout endpoint in the new browser tab (see the code snippet below).

import { Component } from '@angular/core';
import { Router } from '@angular/router';
import { OAuthService } from 'angular-oauth2-oidc';
import { filter } from 'rxjs';

@Component({
  selector: 'app-root',
  template: `
    <abp-loader-bar></abp-loader-bar>
    <abp-dynamic-layout></abp-dynamic-layout>
    <abp-gdpr-cookie-consent></abp-gdpr-cookie-consent>
  `,
})
export class AppComponent {
  constructor(oAuthService: OAuthService) {
     oAuthService.events.pipe(filter(e => e.type === 'logout')).subscribe(() => { 
      const currentUrl = router.url.split('?')[0];
      //check logout location
      if (currentUrl !== '/logout') {
        // logout from rp
        window.open('otherclientloguturl', '_blank');
      }
    });
  }
}

We have tried to change the window.open('otherclientloguturl', '_blank'); to window.open('otherclientloguturl', '_self'); but then the single logout stops working.

Also, we have created a new angular component responsible for redirecting to the ecommerce logout endpoint in the event:

@Component({
  selector: 'app-root',
  template: `
    <abp-loader-bar></abp-loader-bar>
    <abp-dynamic-layout></abp-dynamic-layout>
    <abp-gdpr-cookie-consent></abp-gdpr-cookie-consent>
  `,
})
export class AppComponent {
  constructor(oAuthService: OAuthService) {
     oAuthService.events.pipe(filter(e => e.type === 'logout')).subscribe(() => { 
      const currentUrl = router.url.split('?')[0];
      //check logout location
      if (currentUrl !== '/logout') {
        // navigate to redirect-to-ecommerce-logout component
        router.navigate(['/redirect-to-ecommerce-logout']);
      }
    });
  }
}

logout component:

@Component({
  selector: '',
  template: '',
})
class LogoutComponent {
  constructor(authService: OAuthService, route: ActivatedRoute) {
    route.queryParams.subscribe(params => {
      const { post_logout_redirect_uri } = params;
      authService.revokeTokenAndLogout({ post_logout_redirect_uri });
    });
  }
}

redirect-to-ecommerce-logout component:

@Component({ 
 selector: 'app-redirect-to-ecommerce-logout',  
templateUrl: './redirect-to-ecommerce-logout.component.html',  
styleUrls: ['./redirect-to-ecommerce-logout.component.scss']
})

export class RedirectToEcommerceLogoutComponent implements OnInit {
  constructor() {   
      window.open('otherclientlogouturl', '_self');  
  }
  ngOnInit(): void {  
  }
}

With this implementation it opens the ecommerce logout endpoint as expected but doesn't logout from abp, it seems that it doesn't waits until abp logouts itself and redirects to the ecommerce.

Maybe you could give us an example, how to implement Single Logout with redirects in the single browser tab?

UI type: Angular DB provider: EF Core Tiered (MVC) or Identity Server Separated (Angular): no

Showing 1 to 2 of 2 entries
Made with ❤️ on ABP v8.2.0-preview Updated on March 25, 2024, 15:11