Identityserver4: Issue with logoutid, not available in implicit flow from oidc-client.js

Created on 20 Apr 2017 · 14Comments · Source: IdentityServer/IdentityServer4

hi I am using identity server 4 implicit flow,

I am able to perform login and logout using oidc-client.js library,

but when logout on the identity server -- > account controller --> Logout action parameter "logoutid" is receiving null due to which I cannot get the information about client.

I am using ASP.Net Identity to sign in the users, this is the only difference I found out when compared with quickstart example.

can any one help me solve the issue?

This issue is only for Implicit flow JavaScript application, I am receiving logoutid when working with MVC application.

question

Source

pmaheshgupta

Most helpful comment

Hi, @pmaheshgupta
Your PostLogoutRedirectUris don't mach on server and client:
var config = { ... post_logout_redirect_uri: "http://localhost:5003/loggedout.html", ... }; clients.Add(new Client { ... PostLogoutRedirectUris = { "http://localhost:5003/index.html" }, ... }

I've had a similar problem, and for some reason in log it was stated as 'info' and not an 'error', what is really easy to miss
info: IdentityServer4.Validation.EndSessionRequestValidator[0] End session request validation failure: Invalid post logout URI

kholodOlexandr on 10 May 2017

👍2

All 14 comments

Not sure. Check the network trace to see if anything stands out.

brockallen on 20 Apr 2017

hi brockallen, thanks for the reply,

found out that /endsession call is not returning logout id in the response. and found an blocked network call in the console even though mentioned port is not related to the application.

attached the console image.. first error is at the time of page load & the second error is at the time of logout
logoutidissue

pmaheshgupta on 21 Apr 2017

What do the logs say in IdSvr?

brockallen on 21 Apr 2017

hi brockallen..

below is the log from the IDSvr

2017-04-24T13:20:27.4466619+05:30 0HL4ASQ9B9JPD [ERR] Error processing end session request "Invalid request" (7af74809)

I am able to find only this information

pmaheshgupta on 24 Apr 2017

I have this issue too in a MVC Client with implicit flow.
Here is what log says:

[12:23:51 Information] IdentityServer4.Validation.EndSessionRequestValidator
End session request validation failure: Invalid post logout URI
{
  "ClientId": "myclient",
  "ClientName": "myclient",
  "SubjectId": "e8293e6c-ac00-48bb-8aa9-2b8b3f9a5a41",
  "Raw": {
    "post_logout_redirect_uri": "http://localhost:6200/signout-callback-oidc",
    "id_token_hint": "eyJhbGciOiJSUzI1NiIsImtpZCI6IkRCMUU3NDFBOTEwMEJGQjA2RUVDQjA1Q0M1MzlFNjg3QjlGNjNEQUQiLCJ0eXAiOiJKV1QiLCJ4NXQiOiIyeDUwR3BFQXY3QnU3TEJjeFRubWg3bjJQYTAifQ.eyJuYmYiOjE0OTMwMjAwODksImV4cCI6MTQ5MzAyMDM4OSwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo1MDAwIiwiYXVkIjoiZHJpdmluZyIsIm5vbmNlIjoiNjM2Mjg2MTY4ODYzMTYzNTc4Lk16Y3dNRGM1WldVdFl6UXlZaTAwTnpVNUxUZzNaR0V0WVdVME1HWTVNRGd6TWpobVkyWTFZemhsWm1ZdE0yTTRNeTAwWmpJeExUZ3lPREl0Wmprd05tRXdZakZrWkdSbSIsImlhdCI6MTQ5MzAyMDA4OSwiYXRfaGFzaCI6InVFTkZwckFCbVA2alJQVjBxbGRvWXciLCJzaWQiOiI4YTAyMjcyM2ZjYWYzYTdmYjYxZjIwMzU4MGU4YjM2MiIsInN1YiI6ImU4MjkzZTZjLWFjMDAtNDhiYi04YWE5LTJiOGIzZjlhNWE0MSIsImF1dGhfdGltZSI6MTQ5Mjk4MzEzMSwiaWRwIjoibG9jYWwiLCJhbXIiOlsicHdkIl19.BvJce2oP1vT37U9qVH-TRIeG2asVlHoM2FPqseXRzr2d3adkI_HOavyepyXxqdxWitjEu-Ep7j_MTNv6LSvnIi8QUfbIDjcTJfzk1LnBca8N1UpqbaE2Y5SX12h17uNLqPU3T-LyWRnuhXzKe0TyjaY6AR2akt7jzJ82zy_gv3eSK0ztauqgB0SQ3RNJPnUy2Dmk6hFDvq4maauGo-jZvwIAuZVrdaHZYbv2PLzjWe8RAiUPaykqCmvxzR2Re46hNSMmY6ERY7sN4f25C58l5FNBAt33jtpsOytDw1dHF6gnZpQDAdwlRpWzHhKyVnxEEkbGIvAE_wLXcRab1T9exw",
    "state": "CfDJ8LNDbCJS4RRCtBFOjCXAHYzluDD6k7DpK0pBziduOxq0LA9bBjkV4N1doxcyWnVRKPjhaMO0c85j2MgNLzPN6PlN1v-_aXyfTDFupekDVz9Y06m2UQwUVDOi8EeVRefTPHd28D5fGKiBv61RuZI8ObQjQ41t3szcBfnQgp61vkYm"
  }
}

info: IdentityServer4.Validation.EndSessionRequestValidator[0]
      End session request validation failure: Invalid post logout URI
      {
        "ClientId": "myclient",
        "ClientName": "myclient",
        "SubjectId": "e8293e6c-ac00-48bb-8aa9-2b8b3f9a5a41",
        "Raw": {
          "post_logout_redirect_uri": "http://localhost:6200/signout-callback-oidc",
          "id_token_hint": "eyJhbGciOiJSUzI1NiIsImtpZCI6IkRCMUU3NDFBOTEwMEJGQjA2RUVDQjA1Q0M1MzlFNjg3QjlGNjNEQUQiLCJ0eXAiOiJKV1QiLCJ4NXQiOiIyeDUwR3BFQXY3QnU3TEJjeFRubWg3bjJQYTAifQ.eyJuYmYiOjE0OTMwMjAwODksImV4cCI6MTQ5MzAyMDM4OSwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo1MDAwIiwiYXVkIjoiZHJpdmluZyIsIm5vbmNlIjoiNjM2Mjg2MTY4ODYzMTYzNTc4Lk16Y3dNRGM1WldVdFl6UXlZaTAwTnpVNUxUZzNaR0V0WVdVME1HWTVNRGd6TWpobVkyWTFZemhsWm1ZdE0yTTRNeTAwWmpJeExUZ3lPREl0Wmprd05tRXdZakZrWkdSbSIsImlhdCI6MTQ5MzAyMDA4OSwiYXRfaGFzaCI6InVFTkZwckFCbVA2alJQVjBxbGRvWXciLCJzaWQiOiI4YTAyMjcyM2ZjYWYzYTdmYjYxZjIwMzU4MGU4YjM2MiIsInN1YiI6ImU4MjkzZTZjLWFjMDAtNDhiYi04YWE5LTJiOGIzZjlhNWE0MSIsImF1dGhfdGltZSI6MTQ5Mjk4MzEzMSwiaWRwIjoibG9jYWwiLCJhbXIiOlsicHdkIl19.BvJce2oP1vT37U9qVH-TRIeG2asVlHoM2FPqseXRzr2d3adkI_HOavyepyXxqdxWitjEu-Ep7j_MTNv6LSvnIi8QUfbIDjcTJfzk1LnBca8N1UpqbaE2Y5SX12h17uNLqPU3T-LyWRnuhXzKe0TyjaY6AR2akt7jzJ82zy_gv3eSK0ztauqgB0SQ3RNJPnUy2Dmk6hFDvq4maauGo-jZvwIAuZVrdaHZYbv2PLzjWe8RAiUPaykqCmvxzR2Re46hNSMmY6ERY7sN4f25C58l5FNBAt33jtpsOytDw1dHF6gnZpQDAdwlRpWzHhKyVnxEEkbGIvAE_wLXcRab1T9exw",
          "state": "CfDJ8LNDbCJS4RRCtBFOjCXAHYzluDD6k7DpK0pBziduOxq0LA9bBjkV4N1doxcyWnVRKPjhaMO0c85j2MgNLzPN6PlN1v-_aXyfTDFupekDVz9Y06m2UQwUVDOi8EeVRefTPHd28D5fGKiBv61RuZI8ObQjQ41t3szcBfnQgp61vkYm"
        }
      }
[12:23:51 Error] IdentityServer4.Endpoints.EndSessionEndpoint
Error processing end session request Invalid request

fail: IdentityServer4.Endpoints.EndSessionEndpoint[0]
      Error processing end session request Invalid request

mikeandersun on 24 Apr 2017

@mikeandersun I had a similar issue, and it was that the post logout url needs to be a local url. i.e. just "/signout-callback-oidc" I was doing my own end session request (i.e. not with an oidc lib).

I'd create a new issue for this, it doesn't seem completely related.

Mardoxx on 24 Apr 2017

😕1 👎1

hi all , uploaded the complete solution to github to help replicate the issue, the solution works with the SQLserver so included a create DB script also.

https://github.com/pmaheshgupta/Identityserver4samplescenarios

pmaheshgupta on 9 May 2017

kholodOlexandr on 10 May 2017

👍2

I've had a similar problem, and for some reason in log it was stated as 'info' and not an 'error', what is really easy to miss

If you feel that should be an error, feel free to open a new so we can discuss and possibly change.

brockallen on 10 May 2017

Hi, @kholodOlexandr

Cofiguration you are referring is obsolete. The shared solution works with DB for which I shared a script with data in the github. To replicate you can download the script and run on an empty db you will get the required data also.

In the DB it is configured correctly.

pmaheshgupta on 10 May 2017

Hi @brockallen ,
Can you pls suggest any possible solution to the issue - "missing logoutid"

pmaheshgupta on 10 May 2017

@pmaheshgupta
Sorry, I can't clone and run your project right now, but looking to the CreateDBScriptWIthData.sql seems like it still adds the wrong PostLogoutRedirectUri
`
INSERT [dbo].[Clients] ([Id], ... ) VALUES (4, 2592000, 120, 0, 1, 0, 0, 1, 0, 0, 300, N'jswebclient', N'jswebclient', NULL, 1, 1, 300, 0, NULL, 1, NULL, 1, N'oidc', 1, 1, 1, 0, 0, 1296000, 0, NULL, NULL)

INSERT [dbo].[ClientPostLogoutRedirectUris] ([Id], [ClientId], [PostLogoutRedirectUri]) VALUES (2, 4, N'http://localhost:5003/index.html')
`
Is CreateDBScriptWIthData.sql the script, used to populate DB with correct configuration you mentioned above?

kholodOlexandr on 10 May 2017

@kholodOlexandr ,

thanks a lot that solved the issue..
I was sure I made the configuration correct but some how I overlooked it....

pmaheshgupta on 11 May 2017

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.