无法使用 Spring Security OidcClientInitiatedLogoutSuccessHandler 从 ADFS 服务器注销


当我注销时,应用应当重定向到 ADFS 的 end_session_endpoint(即 “https://fed04.xxxxxxx.com/adfs/oauth2/logout”),但实际上它只是重定向回了主页,并没有提示登录。

Web 应用程序的 Spring Security OAuth 客户端配置如下。更新:我还添加了 issuer-uri(发行者 URI),见下方配置。

spring:
  security:
    oauth2:
      client:
        registration:
          # Registration id "adfs": it is the last path segment of the login entry point
          # (/oauth2/authorization/adfs, permitted in SecurityConfig) and the key under which
          # OidcClientInitiatedLogoutSuccessHandler looks up the provider metadata.
          adfs: 
            client-id: XXXXX-XXXX-XXXX-XXXXX
            scope: openid,email
            # Must match, byte for byte, a redirect URI registered for this client in ADFS.
            redirect-uri: https://<app_domain>.azurewebsites.net/home
            # HTTP Basic client authentication. No client-secret appears in this excerpt; if one
            # is configured, supply it from an environment variable or secret store, not source.
            client-authentication-method: basic
            authorization-grant-type: authorization_code
        provider:
          adfs:
            # The ADFS-specific "resource" parameter is carried as part of the authorization URI.
            authorization-uri: https://<domain>/adfs/oauth2/authorize?resource=<web-api-identifier>
            token-uri: https://<domain>/adfs/oauth2/token
            # "query" sends the access token as a URL query parameter to user-info-uri, where it
            # can end up in proxy/server logs; prefer "header" if ADFS accepts a Bearer header.
            user-info-authentication-method: query
            jwk-set-uri: https://<domain>/adfs/discovery/keys
            user-name-attribute: upn
            user-info-uri: https://<domain>/adfs/userinfo
            # Added after the original question. Spring Boot fetches the OIDC discovery document
            # from <issuer-uri>/.well-known/openid-configuration; the explicit endpoints above
            # override the discovered ones, but the end_session_endpoint used for RP-initiated
            # logout comes only from discovery. NOTE(review): confirm the ADFS discovery document
            # actually advertises end_session_endpoint, otherwise the OIDC handler has no
            # provider URL to redirect to.
            issuer-uri: https://<domain>/adfs

SecurityConfig.java


@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    
    

    
    // Client registrations from application.yml (the "adfs" entry); handed to
    // OidcClientInitiatedLogoutSuccessHandler in oidcLogoutSuccessHandler() below.
    // Field injection is used here; constructor injection would allow the field to be final.
    @Autowired
    ClientRegistrationRepository clientRegistrationRepository; 
    
    /**
     * Builds the RP-initiated (OIDC) logout handler.
     *
     * <p>The handler is constructed from the injected {@code clientRegistrationRepository} and
     * told where the provider should send the browser once the provider-side session is ended.
     * This is a plain factory method rather than a {@code @Bean}: each call returns a new instance.
     *
     * @return a new handler with the post-logout redirect URI set
     */
    private OidcClientInitiatedLogoutSuccessHandler oidcLogoutSuccessHandler() {
        final OidcClientInitiatedLogoutSuccessHandler handler =
                new OidcClientInitiatedLogoutSuccessHandler(clientRegistrationRepository);
        // Sent to the provider as post_logout_redirect_uri. NOTE(review): ADFS typically has to
        // know this URI for the client before it will honour the redirect — confirm it is registered.
        handler.setPostLogoutRedirectUri("https://<app_domain>.azurewebsites.net");
        return handler;
    }

    /**
     * Wires the web security chain: static resources and the home/login/callback/error paths are
     * public, every other request needs an authenticated session, login is OAuth2/OIDC via the
     * configured registration, and logout is handed to the OIDC RP-initiated logout handler.
     *
     * @param http the builder supplied by Spring Security
     * @throws Exception propagated from the {@link HttpSecurity} configurers
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Public paths (Ant patterns); everything not listed requires authentication.
        http.authorizeRequests()
            .requestMatchers(PathRequest.toStaticResources().atCommonLocations()).permitAll()
            .antMatchers("/home", "/login**", "/callback/", "/webjars/**", "/error**",
                         "/oauth2/authorization/**").permitAll()
            .anyRequest().authenticated();

        // Logout keeps Spring's default request matcher (a POST to /logout carrying the CSRF
        // token while CSRF protection is enabled). On success the OIDC handler redirects the
        // browser to the provider's end_session_endpoint when the provider metadata advertises one.
        http.logout()
            .logoutSuccessHandler(oidcLogoutSuccessHandler())
            .invalidateHttpSession(true)
            .clearAuthentication(true);

        // OAuth2/OIDC login using the registration(s) from application.yml.
        http.oauth2Login();
    }

如果您使用的是 Azure Web 应用程序,请在 CORS 设置中添加 ADFS 域的 URL,或者改用自定义注销处理程序。

[![相关设置。][1]][1]

// Changes in the configuration as follows 
/**
 * The answer's variant of {@code configure(HttpSecurity)}: the OIDC logout success handler is
 * replaced by a custom {@code LogoutHandler} and CSRF protection is switched off.
 *
 * <p>NOTE(review): this method is not closed in the listing — its trailing brace and the
 * declaration of the {@code logoutHandler} field are not on the page.
 */
@Override
    protected void configure(HttpSecurity http) throws Exception {
        http
          .authorizeRequests()
          .requestMatchers(PathRequest.toStaticResources().atCommonLocations()).permitAll()
          .antMatchers("/home", "/login**","/callback/", "/webjars/**", "/error**", "/oauth2/authorization/**")
          .permitAll()
          .anyRequest()
          .authenticated()
          .and()
          .logout()
          // Matches "/logout" on any HTTP method, so a plain GET link triggers logout. This is
          // what makes csrf().disable() below "necessary": with CSRF enabled, Spring's default
          // logout matcher accepts only POST. A GET logout can be triggered cross-site (logout CSRF).
          .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
          // CustomLogoutHandler (below) invalidates the session and issues the redirect itself, so
          // the chain's LogoutSuccessHandler should find the response already committed —
          // NOTE(review): confirm no second redirect is attempted.
          .addLogoutHandler(logoutHandler) // for custom logout
          .and() 
          .oauth2Login();

    // SECURITY: this disables CSRF protection for the whole application, not just /logout; every
    // state-changing endpoint becomes reachable from a cross-site form. Narrower alternatives:
    // keep CSRF on and submit the logout form via POST, or exempt only the logout path with
    // csrf().ignoringAntMatchers("/logout").
    http.csrf().disable();

// Added new custom logout as follows 

@Component
public class CustomLogoutHandler implements LogoutHandler {

    // Injected but not referenced anywhere in logout() below; either used by code not shown in
    // this listing or left over from an earlier version.
    @Autowired
    ResourceConfig resourceConfig;

    // Logger obtained via LogManager. Not final, so it could be reassigned; nothing here does so.
    private static Logger logger = LogManager.getLogger(CustomLogoutHandler.class);

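    /**
     * Ends the local session and sends the browser to the ADFS logout endpoint.
     *
     * <p>Steps: read the id token stored on the session (if any), invalidate the session, expire
     * every cookie the browser sent, then redirect to {@code Constants.LOGOUT_TOKEN_URL + idToken}
     * when an id token was found, else to {@code Constants.LOGOUT_URL}. Because this handler
     * commits the response, the chain's LogoutSuccessHandler should have nothing left to do —
     * NOTE(review): confirm no second redirect is attempted.
     *
     * @param request        the logout request
     * @param response       the response the redirect is written to
     * @param authentication the current authentication; unused — the id token is taken from the
     *                       session attribute {@code AuthHelper.PRINCIPAL_SESSION_NAME} instead
     */
    @Override
    public void logout(HttpServletRequest request, HttpServletResponse response, Authentication authentication) {
        try {
            logger.info("custom logout executed");

            // Fix: getSession() never returns null — it creates a fresh session just to invalidate
            // it. getSession(false) returns null when the request has no session.
            String idToken = "";
            if (request.getSession(false) != null) {
                logger.info("invalidate session details");
                AuthResults results = (AuthResults) request.getSession(false)
                        .getAttribute(AuthHelper.PRINCIPAL_SESSION_NAME);
                // Fix: a null id token previously produced a redirect ending in the text "null";
                // treat it as "no token" and fall back to the plain logout URL.
                if (results != null && results.getIdToken() != null) {
                    idToken = results.getIdToken();
                }
                request.getSession(false).invalidate();
            }

            expireCookies(request, response);

            if (!"".equals(idToken)) {
                logger.info("redirecting with post logout redirect url");
                // The token is a query-string value; encode it so the URL stays well-formed even if
                // the stored token is not a plain JWT (a JWT is unchanged by this encoding).
                response.sendRedirect(Constants.LOGOUT_TOKEN_URL
                        + java.net.URLEncoder.encode(idToken, java.nio.charset.StandardCharsets.UTF_8.name()));
            } else {
                logger.info("redirecting without post logout redirect url");
                response.sendRedirect(Constants.LOGOUT_URL);
            }
        } catch (IOException e) {
            // Best-effort: the redirect failed, but the session has already been invalidated.
            logger.error("Error occured in logout Method ",e);
        }
    }

    /**
     * Expires every cookie presented on the request.
     *
     * <p>Fix: the original only called {@code setMaxAge(0)} on the request cookies, which never
     * reaches the browser — a cookie is cleared only by adding an expired copy of it to the
     * response. Request cookies do not carry their Path, so the context path (or "/") is used;
     * NOTE(review): confirm this matches the path the application's cookies were set with.
     *
     * @param request  source of the cookies to expire
     * @param response the response the expired copies are added to
     */
    private static void expireCookies(HttpServletRequest request, HttpServletResponse response) {
        Cookie[] cookies = request.getCookies();
        if (cookies == null) {
            return;
        }
        logger.info("Clearing all cookies");
        String contextPath = request.getContextPath();
        String path = (contextPath == null || contextPath.isEmpty()) ? "/" : contextPath;
        for (Cookie cookie : cookies) {
            cookie.setValue("");
            cookie.setMaxAge(0);
            cookie.setPath(path);
            response.addCookie(cookie);
        }
    }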



  [1]: https://i.stack.imgur.com/HqFHN.png