我在ADFS 2016上遇到一个奇怪的问题. 我有一个使用ng2-adal js处理应用程序的身份验证和授权的Angular应用程序. 用户从应用程序注销时,他们不会重定向回到登录页面. 我在事件查看器中为ADFS启用了调试跟踪,错误是:
I'm having a strange problem on ADFS 2016. I have an Angular application that uses ng2-adal js to handle authentication and authorization of the application. When users logout from the application, they are not redirected back to the login page. I enabled debug traces in Event Viewer for ADFS and the error is:
OAuthSignoutProtocolHandler.ValidatePostLogoutRedirectUri:验证结果:False. RedirectUrl: localhost:4200/login
OAuthSignoutProtocolHandler.ValidatePostLogoutRedirectUri: Validation result: False. RedirectUrl: localhost:4200/login
指定的重定向URL与任何OAuth客户端的重定向URI不匹配.注销成功,但客户端将不会重定向.
URL: localhost:4200/login
URL: localhost:4200/login
我使用了ADFS 2016应用程序组,在那里我的本地客户端具有此重定向URL.如果不存在URL,则用户将无法首先登录.
I have used the ADFS 2016 Application Groups, there i have my Native Client with this Redirect URL. If URL didn't exist users wouldn't be able to login in the first place.
非常感谢您的帮助.
推荐答案基于此github问题: github/AzureAD/azure-activedirectory- library-for-js/issues/677
Based on this github issue: github/AzureAD/azure-activedirectory-library-for-js/issues/677
我能够注销并通过在注销url中添加id_token_hint作为url参数来重定向回登录.
I was able to logout and redirect back to login by adding the id_token_hint as an url parameter in the logout url.
id_token_hint的值必须是ADFS收到的令牌.它存储在SessionStorage中(默认情况下),可以像这样读取 sessionStorage.getItem('adal.idtoken')
The value of id_token_hint has to be the token received by ADFS. It is stored in SessionStorage (by default) and can be read like sessionStorage.getItem('adal.idtoken')
更多推荐
注销后ADFS 2016 oAuth不会重定向到登录页面
发布评论