IdentityServer4: Post Logout Redirect does not work.

Created on 26 Mar 2017 · 11 Comments · Source: IdentityServer/IdentityServer4

I am trying to get redirected back to Client URL, but no success at this moment.
I am using examples from IdentityServer4.AspNetIdentity.
Here is my client setup on the Host:
    new Client
    {
        ClientId = "mvc.hybrid",
        ClientName = "MVC Hybrid",
        ClientUri = "http://identityserver.io",

        ClientSecrets =
        {
            new Secret("secret".Sha256())
        },

        AllowedGrantTypes = GrantTypes.Hybrid,
        AllowAccessTokensViaBrowser = false,

        //Default is true
        RequireConsent = false,

        RedirectUris = { "http://localhost:21402/signin-oidc" },
        LogoutUri = "http://localhost:21402/signout-oidc",
        PostLogoutRedirectUris = { "http://localhost:21402/signout-callback-oidc" },

        AllowOfflineAccess = true,

        AllowedScopes =
        {
            IdentityServerConstants.StandardScopes.OpenId,
            IdentityServerConstants.StandardScopes.Profile,
            IdentityServerConstants.StandardScopes.Email,
            "api1", "api2.read_only", "api2.full_access"
        },
    },

Here is the configuration from my Client:

    public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
    {
        // ...
        app.UseStaticFiles();

        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationScheme = "Cookies",
            AutomaticAuthenticate = true,
            ExpireTimeSpan = TimeSpan.FromMinutes(60)
        });

        JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();

        app.UseOpenIdConnectAuthentication(new OpenIdConnectOptions
        {
            AuthenticationScheme = "oidc",
            SignInScheme = "Cookies",

            Authority = Constants.Authority,
            //LDE. Prod. should be set to true in production.
            RequireHttpsMetadata = false,

            ClientId = "mvc.hybrid",  //Configuration.GetSection("Client.Clients:ClientId").Value,
            ClientSecret = "secret",  //ClientSecret = Configuration.GetSection("Client.Clients:ClientSecrets").Value,

            ResponseType = "code id_token",
            Scope = { "openid", "profile", "email", "api1", "offline_access" },
            GetClaimsFromUserInfoEndpoint = true,

            SaveTokens = true,

            TokenValidationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters
            {
                NameClaimType = JwtClaimTypes.Name,
                RoleClaimType = JwtClaimTypes.Role,
            }
        });

        //app.UseMvcWithDefaultRoute();

        // Add external authentication middleware below. To configure them please see http://go.microsoft.com/fwlink/?LinkID=532715
        app.UseMvc(routes =>
        {
            routes.MapRoute(
                name: "default",
                template: "{controller=Home}/{action=Index}/{id?}");
        });
    }

Controller:

    public IActionResult Logout()
    {
        return new SignOutResult(new[] { "Cookies", "oidc" });
    }

After Logout it does not redirect to the Client, but stays on the Host page.
I do not see any errors in the log. Please see the log attached.

question

All 11 comments

Check the logs.

Thanks a lot. I found the problem. It was my bad. Great product. Good luck in business.

What was the root cause? I met the same issue.

Hi MartaTurchyniak, it was my problem, nothing to do with the IdentityServer4 code sample. I modified the code incorrectly, so after fixing my own modification, it works as expected.

@epshlaz When I sign out in the client, if I don't want to redirect to ids4, what can I do? Use the end session endpoint?

@wangpengxpy
You should have the appropriate Client configuration in the IdentityHost.

    new Client
    {
        // ...
        // where to redirect to after logout
        PostLogoutRedirectUris = { "http://YourClienthost:port/signout-callback-oidc" },
        // ...
    }

@epshlaz I have configured it as above.

@wangpengxpy
Check if you have a Logout action like the one below:

    public async Task Logout()
    {
        await HttpContext.SignOutAsync("Cookies");
        await HttpContext.SignOutAsync("oidc");
    }

@epshlaz It works well, but I want to exit directly in the client instead of redirecting to IdentityServer.

@wangpengxpy
Sorry, maybe I do not understand your problem. This is how it works for me.
The Logout action is on the client side. Next is Logout on the IdentityServer, and next a redirect back to your client. So it is transparent for the client. You start on a client and get back to the client, back on
PostLogoutRedirectUris = { "http://YourClienthost:port/signout-callback-oidc" }.
If you are not redirected back to the client, something is wrong in your code.
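
A sketch of the check that decides whether the redirect back to PostLogoutRedirectUris happens, added here as an example; it is not code from this thread or from IdentityServer4. It assumes the provider honours post_logout_redirect_uri only when a validated id_token_hint identifies the client and the requested URI exactly matches a registered value; PostLogoutRedirectCheck and Resolve are hypothetical names, and the sample requests are constructed.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Added example, not IdentityServer4 source: a simplified model of the
// end-session redirect decision, for diagnosing a missing post-logout redirect.
public static class PostLogoutRedirectCheck
{
    // Returns the URI the browser may be sent back to, or null when the user
    // stays on the identity provider's logged-out page.
    public static string Resolve(
        string hintClientId,   // client id from a validated id_token_hint, null if none was sent
        string requestedUri,   // post_logout_redirect_uri from the sign-out request
        IReadOnlyDictionary<string, string[]> registered) // client id -> PostLogoutRedirectUris
    {
        // Without a known client there is no allowlist to check against.
        if (string.IsNullOrEmpty(hintClientId) || string.IsNullOrEmpty(requestedUri))
            return null;
        if (!registered.TryGetValue(hintClientId, out var allowed))
            return null;
        // Exact ordinal match only: no prefix, wildcard or case-insensitive
        // comparison, so the endpoint cannot be used as an open redirector.
        return allowed.Contains(requestedUri, StringComparer.Ordinal) ? requestedUri : null;
    }

    public static void Main()
    {
        // Registration taken from the client configuration in this thread.
        var registered = new Dictionary<string, string[]>
        {
            ["mvc.hybrid"] = new[] { "http://localhost:21402/signout-callback-oidc" }
        };

        // Constructed requests covering common reasons for staying on the host page.
        var requests = new (string Client, string Uri)[]
        {
            ("mvc.hybrid", "http://localhost:21402/signout-callback-oidc"),  // exact match
            ("mvc.hybrid", "http://localhost:21402/signout-callback-oidc/"), // trailing slash
            ("mvc.hybrid", "https://localhost:21402/signout-callback-oidc"), // scheme differs
            ("mvc.hybrid", "http://localhost:21402/Signout-Callback-Oidc"),  // case differs
            (null,         "http://localhost:21402/signout-callback-oidc"),  // no id_token_hint
        };

        foreach (var r in requests)
            Console.WriteLine($"{r.Client ?? "(no hint)"} {r.Uri} -> {Resolve(r.Client, r.Uri, registered) ?? "stay on host page"}");
    }
}
```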

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.
