Hello,
I downloaded the trial and have been playing around with the sample code. I want to use Angular with Service Provider that logs on using OneLogin. I changed the sample Angular application to use the url of the included sample ExampleServiceProvider. I had to make a change to the redirect method in the AssertionConsumerService since the redirect was breaking when calling Local url.
1. Is this a valid solution to accomplish this?
2. The SingleLogoutService method throws an error on LocalRedirect about the redirect url of http://localhost:4200
InvalidOperationException: The supplied URL is not local. A URL with an absolute path is considered local if it does not have a host/authority part. URLs using virtual paths (‘~/’) are also local.
LocalRedirect is used as best practice to prevent open redirect attacks.
This makes sense in the context of the ExampleServiceProvider which was written as a self-contained application rather than working in cooperation with an Angular application.
You can simply change the LocalRedirect to Redirect calls for testing purposes.
In a production environment you might wish to include checks to ensure you’re redirecting to the Angular application.
The example Angular application we ship works with the ExampleWebApi application.
I suggest taking a look at these.