注销后ADFS 2016 oAuth不会重定向到登录页面

本文介绍了注销后ADFS 2016 oAuth不会重定向到登录页面的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！ 问题描述

我在ADFS 2016上遇到一个奇怪的问题. 我有一个使用ng2-adal js处理应用程序的身份验证和授权的Angular应用程序. 用户从应用程序注销时，他们不会重定向回到登录页面. 我在事件查看器中为ADFS启用了调试跟踪，错误是:

I'm having a strange problem on ADFS 2016. I have an Angular application that uses ng2-adal js to handle authentication and authorization of the application. When users logout from the application, they are not redirected back to the login page. I enabled debug traces in Event Viewer for ADFS and the error is:

OAuthSignoutProtocolHandler.ValidatePostLogoutRedirectUri:验证结果:False. RedirectUrl: localhost:4200/login

OAuthSignoutProtocolHandler.ValidatePostLogoutRedirectUri: Validation result: False. RedirectUrl: localhost:4200/login

指定的重定向URL与任何OAuth客户端的重定向URI不匹配.注销成功，但客户端将不会重定向.

URL: localhost:4200/login

URL: localhost:4200/login

我使用了ADFS 2016应用程序组，在那里我的本地客户端具有此重定向URL.如果不存在URL，则用户将无法首先登录.

I have used the ADFS 2016 Application Groups, there i have my Native Client with this Redirect URL. If URL didn't exist users wouldn't be able to login in the first place.

非常感谢您的帮助.

推荐答案

基于此github问题: github/AzureAD/azure-activedirectory- library-for-js/issues/677

Based on this github issue: github/AzureAD/azure-activedirectory-library-for-js/issues/677

我能够注销并通过在注销url中添加id_token_hint作为url参数来重定向回登录.

I was able to logout and redirect back to login by adding the id_token_hint as an url parameter in the logout url.

id_token_hint的值必须是ADFS收到的令牌.它存储在SessionStorage中(默认情况下)，可以像这样读取 sessionStorage.getItem('adal.idtoken')

The value of id_token_hint has to be the token received by ADFS. It is stored in SessionStorage (by default) and can be read like sessionStorage.getItem('adal.idtoken')