
Logging out of ANZ when you have external Azure AD configured as Auth Provider #9264


jtallon created

Hi there.

How do I configure the logout of the ANZ when configured with Azure AD (AAD)?

With that configured, when I click on logout, it does logout of the AAD. Is there anything missing from the config below?


5 Answer(s)
  • ismcagdas created
    Support Team

    Hi @jtallon,

    AspNet Zero doesn't provide external logout. So, when you logout, it just logs out the user from AspNet Zero, not from OpenId Connect provider.

  • jtallon created

    If we have OpenId configured, can a logout URL be defined in the OpenId config?

  • gterdem created
    Support Team

    Hello @jtallon; Most of the OpenID providers don't allow 3rd party signout. This means that if you integrated Google login into your application, when you log in with a Google account and log out, you won't be logged out of the Google account but only of your application. That is something up to the OpenID providers.

    For AzureAD you should be able to logout from AzureAD. After you signout from your cookie and openid schemes, you need to make a request to https://login.microsoftonline.com/tenant-id/oauth2/logout?post_logout_redirect_uri=<optional_uri>.

    Here is a sample that can help you out https://github.com/Azure-Samples/active-directory-dotnet-web-single-sign-out.

    I hope it was helpful.
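
The Azure AD sign-out request described in the answer above, as an added example that is not part of the original thread or of AspNet Zero's code. It assumes an ASP.NET Core MVC app using the default cookie scheme; the controller name, the `tenant-id` placeholder and the `app.example.com` return address are hypothetical.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Mvc;

// Hypothetical controller name; not an AspNet Zero class.
public class ExternalLogoutController : Controller
{
    // Placeholder: the thread only writes "tenant-id".
    private const string TenantId = "tenant-id";

    // Assumption: one fixed return address. It is a constant, not a
    // query-string value, so a crafted logout link cannot choose where
    // the user lands after Azure AD signs them out.
    private static readonly Uri PostLogoutRedirect =
        new Uri("https://app.example.com/account/login");

    [HttpGet]
    public async Task<IActionResult> Logout()
    {
        // 1. End the local application session (assumed cookie scheme name).
        await HttpContext.SignOutAsync(
            CookieAuthenticationDefaults.AuthenticationScheme);

        // 2. Send the browser to the Azure AD logout endpoint from the answer.
        //    The OpenID Connect scheme is not signed out here because that
        //    handler would issue its own redirect to the provider.
        return Redirect(BuildAadLogoutUrl(TenantId, PostLogoutRedirect));
    }

    // Builds https://login.microsoftonline.com/{tenant}/oauth2/logout
    // with a URL-encoded post_logout_redirect_uri.
    public static string BuildAadLogoutUrl(string tenantId, Uri postLogoutRedirect)
    {
        if (string.IsNullOrWhiteSpace(tenantId))
            throw new ArgumentException("Tenant id is required.", nameof(tenantId));

        // Reject relative or non-HTTPS return addresses.
        if (!postLogoutRedirect.IsAbsoluteUri ||
            postLogoutRedirect.Scheme != Uri.UriSchemeHttps)
            throw new ArgumentException("Return URI must be absolute HTTPS.",
                nameof(postLogoutRedirect));

        return "https://login.microsoftonline.com/"
            + Uri.EscapeDataString(tenantId)
            + "/oauth2/logout?post_logout_redirect_uri="
            + Uri.EscapeDataString(postLogoutRedirect.AbsoluteUri);
    }
}
```
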

  • jtallon created

    Thanks @gterdem.

    Finally, is there a config or flag in ANZ that the client would be able to check if the user is logged in using an external provider or into Zero? Obviously, because the user can log in using an external provider (AzureAD, etc.) or using ANZ, knowing which type was used would be useful because the logout links/actions would be different.

    Regards, John

  • gterdem created
    Support Team

    Hello @jtallon,

    Yes, AbpUserLogin (based on Microsoft Identity) is the table you need to check out.