问题
I'm having a strange problem on ADFS 2016. I have an Angular application that uses ng2-adal js to handle authentication and authorization of the application. When users logout from the application, they are not redirected back to the login page. I enabled debug traces in Event Viewer for ADFS and the error is:
OAuthSignoutProtocolHandler.ValidatePostLogoutRedirectUri: Validation result: False. RedirectUrl: http://localhost:4200/login
The specified redirect URL did not match any of the OAuth client's redirect URIs. The logout was successful but the client will not be redirected.
URL: http://localhost:4200/login
I have used the ADFS 2016 Application Groups, there i have my Native Client with this Redirect URL. If URL didn't exist users wouldn't be able to login in the first place.
Any help is much appreciated.
回答1:
Based on this github issue: https://github.com/AzureAD/azure-activedirectory-library-for-js/issues/677
I was able to logout and redirect back to login by adding the id_token_hint as an url parameter in the logout url.
The value of id_token_hint has to be the token received by ADFS. It is stored in SessionStorage (by default) and can be read like sessionStorage.getItem('adal.idtoken')
来源:https://stackoverflow.com/questions/48238555/adfs-2016-oauth-not-redirecting-to-login-page-after-logout