'Unable to logout using spring security OidcClientInitiatedLogoutSuccessHandler from ADFS server

When I do logout, It should redirect to end_session_endpoint of ADFS which is "https://fed04.fcagroup.com/adfs/oauth2/logout" however its redirecting back to home page without prompting for login.

spring security oauth client configuration for the web app Updates: I have also added issuer-uri as follows.

spring:
  security:
    oauth2:
      client:
        registration:
          adfs: 
            client-id: XXXXX-XXXX-XXXX-XXXXX
            scope: openid,email
            redirect-uri: https://<app_domain>.azurewebsites.net/home
            client-authentication-method: basic
            authorization-grant-type: authorization_code
        provider:
          adfs:
            authorization-uri: https://<domain>/adfs/oauth2/authorize?resource=<web-api-identifier>
            token-uri: https://<domain>/adfs/oauth2/token
            user-info-authentication-method: query
            jwk-set-uri: https://<domain>/adfs/discovery/keys
            user-name-attribute: upn
            user-info-uri: https://<domain>/adfs/userinfo
            issuer-uri: https://<domain>/adfs

SecurityConfig.java


@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    
    

    
    @Autowired
    ClientRegistrationRepository clientRegistrationRepository; 
    
    private OidcClientInitiatedLogoutSuccessHandler oidcLogoutSuccessHandler() { 
        OidcClientInitiatedLogoutSuccessHandler successHandler = new OidcClientInitiatedLogoutSuccessHandler(clientRegistrationRepository);
        successHandler.setPostLogoutRedirectUri("https://<app_domain>.azurewebsites.net");
        return successHandler;
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
          .authorizeRequests()
          .requestMatchers(PathRequest.toStaticResources().atCommonLocations()).permitAll()
          .antMatchers("/home", "/login**","/callback/", "/webjars/**", "/error**", "/oauth2/authorization/**")
          .permitAll()
          .anyRequest()
          .authenticated()
          .and()
          .logout()
//          .logoutSuccessHandler(myLogoutHandler)
          .logoutSuccessHandler(oidcLogoutSuccessHandler())
          .invalidateHttpSession(true)
          .clearAuthentication(true)
          //.permitAll()
          .and() 
          .oauth2Login();
    
}
springspring-securityadfs4.0


Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source

Related Questions

Upload data file as byte array with Feign

Apache Camel: Set body from resource

How to configure log4j in a Spring Mvc application configured with Java Annotations and using a log4j.properties file

SonnarQube's issue: change code to not construct the URL from user-controlled data

How do I produce just one message using Spring Cloud Stream w/o deprecated @Output, or turn off polling?

Error creating bean with name 'entityManagerFactory'

Spel not supported on spring annotation @Scheduled.fixedDelayString

How to run gradle based spring boot application in background using command line in ubuntu?

AuthenticationSuccessEvent never fired

Spring @Value annotation always evaluating as null?

Spring MongoDB query sorting

Map JSON default tag to java variable

Spring Hibernate Jackson Hibernate5Module

Spring JUnit: How to Mock autowired component in autowired component

Flyway Found more than one migration with version