Question
I am building the following URL
https://login.microsoftonline.com/<tenantid>/oauth2/logout?client_id=<clientId>&post_logout_redirect_uri=<encodedurl>
It looks something like
https://login.microsoftonline.com/f4aaf6e1-ffff-ffff-bb63-4e8ebf728113/oauth2/logout?client_id=f562b4e3-ffff-ffff-b4bb-49ca64216e75&post_logout_redirect_uri=https%3A%2F%2Fmyazureapp.azurewebsites.net
It logs me out but does not redirect me back to my app, like this URL does for Azure:
https://login.microsoftonline.com/common/oauth2/logout?post_logout_redirect_uri=https%3a%2f%2fmanage.windowsazure.com%2fSignOut%2fComplete
I have looked at the suggested related Q's and I have tried a few variations.
Edit: it turned out to be an intermittent issue, which I guess was due to some cookies / other state not being reset when I was doing my dev / test cycles. With a fresh browser it works. When it works, the sign-out screen says something like "Hang on a moment while we sign you out" and then it redirects; when it does not work, the screen says "you have been signed out, please close your browser".
Answer 1:
Set the Logout URL property in your AD application.
- Log into the AAD admin center portal
- Go to App registrations as shown
- Select your AD application
- Go to Properties
- Update your intended application logout redirection URL as shown
- Save
Answer 2:
I assume you were using the OpenID Connect flow and want to sign the user out. To ensure the redirection from Azure AD to the URL we specify with the post_logout_redirect_uri parameter, we need to register it in the Reply URLs of the app registration on the Azure portal.
After that, we also need to ensure that the users are signed out of Azure AD successfully. For example, we sign the user in and after that we sign the user out. This time the redirect should work as expected. Then we send a sign-out request again, and this time the redirection will not work since the user is already signed out.
In addition, there is no need to provide the client_id parameter for the request to the end_session_endpoint via the OpenID Connect flow. For more detail about OpenID Connect, you can refer to the document below:
Authorize access to web applications using OpenID Connect and Azure Active Directory
Answer 3:
I had this issue as well; what worked for me is:
- I added my logout URL in the properties, and as a reply URL as well.
- The logout button has the following href:
https://login.windows.net/<tenant_id_of_your_app>/oauth2/logout?post_logout_redirect_uri=<logout_URL_of_your_app>/logout
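The registration requirement from the answers above as a pre-check, in an added example that is not part of the original question or answers: it builds the sign-out URL without client_id and refuses any post_logout_redirect_uri that is not in a locally maintained list. REGISTERED_REPLY_URLS, the function names and the exact-match comparison are assumptions, and the sample values are constructed from the URLs in the question.

```javascript
// Added example. REGISTERED_REPLY_URLS is a constructed, hypothetical local
// copy of the Reply URLs configured on the app registration.
const REGISTERED_REPLY_URLS = [
  "https://myazureapp.azurewebsites.net",
  "https://myazureapp.azurewebsites.net/logout",
];

// Parse and canonicalize so "https://host" and "https://HOST/" compare equal.
// Path, query and fragment are kept, so they have to match as well.
function canonical(uri) {
  const u = new URL(uri); // throws on malformed input
  if (u.protocol !== "https:") throw new Error("redirect must use https: " + uri);
  if (u.username || u.password) throw new Error("userinfo not allowed: " + uri);
  return u.href;
}

// Returns the registered entry equal to `uri`, or null if none matches.
// Exact match only: no prefix, suffix or wildcard comparison (assumption).
function matchRegistered(uri, registered = REGISTERED_REPLY_URLS) {
  const wanted = canonical(uri);
  return registered.find((r) => canonical(r) === wanted) ?? null;
}

// tenant: a tenant id or "common", as in the URLs on this page.
function buildLogoutUrl(tenant, redirectUri, registered = REGISTERED_REPLY_URLS) {
  // Leading alphanumeric keeps "." and ".." path segments out of the URL.
  if (!/^[A-Za-z0-9][A-Za-z0-9.-]*$/.test(tenant)) {
    throw new Error("bad tenant: " + tenant);
  }
  const entry = matchRegistered(redirectUri, registered);
  if (entry === null) throw new Error("not a registered reply URL: " + redirectUri);
  const url = new URL(`https://login.microsoftonline.com/${tenant}/oauth2/logout`);
  // searchParams percent-encodes the value once; pass it unencoded.
  // client_id is left out, as Answer 2 says it is not needed.
  url.searchParams.set("post_logout_redirect_uri", entry);
  return url.href;
}
```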
Source: https://stackoverflow.com/questions/45935305/azure-ad-logout-url-not-redirecting