Log out doesn't work

[ESadouski]

Issue type bug report

Issue description: Log out doesn't work for Guest users, but it works for Members. Adal library v1.0.17

Steps to reproduce:

1. Login to the app with Guest user type
2. Logout

Current behavior: After logout, you redirect to

https://login.microsoftonline.com/***/oauth2/logout?post_logout_redirect_uri=***

but then there is no redirect to the post_logout_redirect_uri

Expected behavior: After logout, you redirect to

https://login.microsoftonline.com/***/oauth2/logout?post_logout_redirect_uri=***

and then there is should be redirect to the post_logout_redirect_uri

[benjaminao]

Hi, I have the same issue, can you help me with that, this is my Adal Configuration: { tenant: 'XXXXXXXXXXXXXXXXXXXXXXXXXX', clientId: clientId, redirectUri: window.location.origin + '/#/home', postLogoutRedirectUri: window.location.origin + '/#/login', extraQueryParameter: 'prompt=select_account' }

When I call the logout() method go to a screen with this message "You signed out of your account It's a good idea to close all browser windows." and no redirect to my postLogoutRedirectUri also when close and try to log in the user still signed in. But when I login with a member account work perfect. Please help me with that, currently I have a app in production with this problem

[nehaagrawal]

@ESadouski can you please paste your adal configuration here?

[benjaminao]

public get getAdalConfig(): any { let clientId = this.appConfig.getConfig('adalClient'); let apiUrl = this.appConfig.getConfig('api');

return {
  tenant: 'XXXXXXXXXXXXXXXXXXXXXXXX',
  clientId: clientId,
  redirectUri: window.location.origin + '/#/home',
  postLogoutRedirectUri: window.location.origin + '/#/login',
  extraQueryParameter: 'prompt=select_account'
};

[nehaagrawal]

@ESadouski @benjaminao we are working on this issue and I will let you know once I have fix. Thank you for your patience.

[nehaagrawal]

@ESadouski @benjaminao can you please add the post_logout_redirect_uri as the logout_url on the app registration portal and try again?

[nehaagrawal]

@ESadouski @benjaminao Can you please confirm if it works after adding post_logout_redirect_uri as the logout_url on the app registration portal

[benjaminao]

Hi, @nehaagrawal, thanks for taking the time to help us, I did it and it does not work.

[nehaagrawal]

@benjaminao I wasn't able to reproduce this issue in adal. I was able to reproduce in msal though. Is it possible for you to send a fiddler for this issue?

[benjaminao]

@nehaagrawal The problem is with Guest users! If the user is a member of the azure account work fine! But if the user is not a member the logout doesn’t work

[ESadouski]

Hi @nehaagrawal, I also tried post_logout_redirect_uri, but unfortunately, it's still not working. Any news from your side?

[benjaminao]

@nehaagrawal The problem is with Guest users! If the user is a member of the azure account work fine! But if the user is not a member the logout doesn’t work. Any news from your side?

[benjaminao]

Hi @ESadouski, did you fix the problem?

[ESadouski]

Hi @benjaminao unfortunately not, The problem still exists.

[benjaminao]

@ESadouski Hi, can you check why when you try to logout() don't still sing in and not redirect?

this is my package.json

"dependencies": { "@agm/core": "1.0.0-beta.1", "@angular/animations": "4.4.6", "@angular/common": "4.4.0-RC.0", "@angular/compiler": "4.4.0-RC.0", "@angular/core": "4.4.0-RC.0", "@angular/forms": "4.4.0-RC.0", "@angular/http": "4.4.0-RC.0", "@angular/platform-browser": "4.4.0-RC.0", "@angular/platform-browser-dynamic": "4.4.0-RC.0", "@angular/router": "4.4.0-RC.0", "@types/googlemaps": "3.30.1", "@types/moment": "2.13.0", "adal-angular": "1.0.16", "angulartics2": "^4.6.3", "classlist.js": "1.1.20150312", "core-js": "2.4.1", "expose-loader": "0.7.4", "file-saver": "^1.3.8", "font-awesome": "4.7.0", "moment": "2.19.1", "ng2-toastr": "4.1.2", "primeng": "4.3.0", "rxjs": "5.5.11", "ts-helpers": "1.1.1", "web-animations-js": "^2.3.1", "zone.js": "0.8.17" },

my adal config is tenant: 'XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX', clientId: clientId, isAngular: true, redirectUri: window.location.origin + '/#/home', postLogoutRedirectUri: window.location.origin + '/#/login', extraQueryParameter: 'prompt=select_account'

in the node_module/adal-angular/lib/adal.js

AuthenticationContext.prototype.logOut = function () { this.clearCache(); //<<<<<<<<<<<<<<<< this line look like no clear the cache this._user = null; var urlNavigate;

    if (this.config.logOutUri) {
        urlNavigate = this.config.logOutUri;
    } else {
        var tenant = 'common';
        var logout = '';

        if (this.config.tenant) {
            tenant = this.config.tenant;
        }

        if (this.config.postLogoutRedirectUri) { 
       //<<<<<<<<<<<<<<<< affter logout don't work also no redirect according my configuration
            logout = 'post_logout_redirect_uri=' + encodeURIComponent(this.config.postLogoutRedirectUri);
        }

        urlNavigate = this.instance + tenant + '/oauth2/logout?' + logout;
    }

    this.info('Logout navigate to: ' + urlNavigate);
    this.promptUser(urlNavigate);
}; 

[benjaminao]

[benjaminao]

[benjaminao]

[benjaminao]

In the adal.js

[benjaminao]

When I try to login the user still signed in

[benjaminao]

Please let me know if need more information about it! The adal.js have this issue!! @nehaagrawal The problem is with Guest users! If the user is a member of the azure account work fine! But if the user is not a member the logout doesn’t work

[benjaminao]

I try using this add id_token_hint to logout url #677 and the redirect work perfect but when try to login the the user still signed in

[StuntThumper88]

Was this resolved? Im having this issue too

[benjaminao]

@StuntThumper88 No, I still waiting for a solution!

[JACrazy]

noticing this issue too

[mokutsu]

hey we're also noticing similar issues

[kameelyan]

Having a similar issue as well. Looking at the network tab:

Request URL: https://login.microsoftonline.com/KTGLBUC.onmicrosoft.com/oauth2/logout?post_logout_redirect_uri=

The next request is: Request URL: https://login.live.com/logout.srf?id=12&ru=https%3a%2f%2flogin.microsoftonline.com%2fktglbuc.onmicrosoft.com%2foauth2%2flogoutredirect

And finally the user is stopped at this page: Request URL: https://login.microsoftonline.com/ktglbuc.onmicrosoft.com/oauth2/logoutredirect?lc=1033

[Lukbrayn123]

Facing logout problem in adal-angular v1.0.17. I am logged in with one user, then duplicate a tab and logged out the user and in this tab logged in with different user. When going to the previous user and refresh page user does not log in with the new user, old user can able to perform actions. I am using session storage to store token. This is not accepted, If the user logged out, then it should be logged out from all tabs. The session should be updated with the latest data.

[raviji]

am also facing this issue in my application and waiting for the solution

[slomangino123]

I am seeing the exact issue above using angular-msal wrapper that @benjaminao stated. My user is still signed in after first logout action. If i log in again with that user, it states that the user is still logged in. If i log out a second time, the user is successfully logged out and the redirect works as expected. Still waiting for a solution.

[dimaatkaev]

Hello @nehaagrawal, do you have any updated with this issue?

[sameerag]

@dimaatkaev Is this seen with ADAL JS or MSAL JS? Also can you please share the version of the library used? I do think latest MSAL JS (core and not angular) does not have this issue.

[dimaatkaev]

@sameerag I believe this is an issue of the platform, not the lib, I'm using self-written lib

[sameerag]

@dimaatkaev I can open a service ticket to the STS team provided I have a faithful repro. Can you please share the steps?

[dimaatkaev]

@sameerag, sorry for the later answer you can use the steps provided by @ESadouski in the initial issue: https://github.com/AzureAD/azure-activedirectory-library-for-js/issues/811#issue-366332243

[abhilashrainchu]

@kameelyan i am also facing a similar issue, Does the issue got resolved ?

[kameelyan]

Sorry @abhilashrainchu, it was not.

[jmckennon]

@sameerag was this fixed with the release of msal@1.2.0?

[yesoreyeram]

@sameerag was this fixed? Anyone have workaround?

[dalaoque]

I have the same problem. Is there a solution?

[dalaoque]

Ok, I solved it!

[kameelyan]

Care to share your solution @dalaoque ?

[abhilashrainchu]

Can you please share the solution

Sent from my iPhone

On Mar 30, 2020, at 9:33 AM, John notifications@github.com wrote:

 Ok, I solved it!

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub, or unsubscribe.

[poly-eric]

In my view, this problem is caused by your credential is stored in SSL cert with msal.. (you may try to clear ssl cert in internet option) but msal logout does not remove your certification... so when you attempt to the login page, it keeps you sign-in..

[svr1106]

anyone got the solution ?

[jasonnutter]

To enable post logout redirect, you need to register a front-channel logout uri, and add your post logout redirect as a redirect uri in your app registration in teh Azure portal.

Closing, if you are still having issues, please open a new issue at the MSAL.js repo (where we are moving ADAL.js): https://github.com/AzureAD/microsoft-authentication-library-for-js/issues