web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

Welcome to the Power Platform Communities
Season of Giving Solutions is Here!
Explore Copilot Studio Forums, Blogs & Galleries!
News and Announcements icon
Community site session details

Community site session details

Session Id :
Power Platform Community / Forums / Power Pages / Dynamics 365/PowerApps...
Power Pages
Unanswered

Dynamics 365/PowerApps Portal Azure AD B2C logout issue

(0) ShareShare
ReportReport
Posted on by zebra1024 12

I have a Microsoft hosted Portal configured with a Dynamics 365 CE instance. 

The authentication is configured to use Azure AD B2C and this is working properly.

 

The issue I have is when a user chooses the "sign out" link their session is ended but the user is not redirected to the page they were on when the logged off (the returnUrl specified in the query string)

/en-US/Account/Login/LogOff?returnUrl=%2test%2F

From tracking the flow using Fiddler it looks like the portal is not passing the return URL to B2C and is instead passing the root URL. This process does work if I use a portal "local account" so it seems to be related to how the portal calls the logoff for B2C.

 

From /_services/about the version is 9.2.4.66

 

Does anyone have a workaround for this or is this a bug in the portal?

 

Thanks

Categories:
Power Apps portals
I have the same question (0)
  • v-siky-msft Profile Picture
    v-siky-msft on at

    Hi @zebra1024 ,

     

    I made a test on my portal logged in via Azure AD authentication, but the redirection works correctly when logging off, the ReturnURL always links to the previous page properly.

    Snipaste_2020-05-04_14-38-16.png

    Here are some suggestions:

    1. deactivate AzureAD Authentication and re-active it again.

    2. clear all browser cookies and cache or change another browser

    3. Check the Web Template called "Header" to see if the logout section in source control is changed.

     <a role="menuitem" aria-label="{{ snippets["links/logout"] | default:resx["Sign_Out"] | h | escape }}" href="{% if homeurl%}/{{ homeurl }}{% endif %}{{ website.sign_out_url_substitution }}" title="{{ snippets["links/logout"] | default:resx["Sign_Out"] | h | escape }}">
 {{ snippets["links/logout"] | default:resx["Sign_Out"] | h | escape }}

    Snipaste_2020-05-04_14-59-17.png

    Hope this helps.

    Sik

  • zebra1024 Profile Picture
    zebra1024 12 on at

    Thanks for your detailed reply.

    I am using Azure AD B2C for authentication - you mention Azure AD in your reply.

     

    In Fiddler this seems to be the flow:

    I start on the page /en-US/FieldService/

    1) When I click "Sign Off" I am navigated to the following URL which looks good (returnUrl is set properly to the deep link)

    Get https://xxx.microsoftcrmportals.com/en-US/Account/Login/LogOff?returnUrl=%2Fen-US%2FFieldService%2F

    2) This returns a 302 with the following redirect URL

     https://login.microsoftonline.com/te/{id}/b2c_1_signuporsignin/oauth2/v2.0/logout?post_logout_redirect_uri=https%3A%2F%2xxx.microsoftcrmportals.com&redirect_uri=https%3A%2F%2xxx.microsoftcrmportals.com%2Fsignin-b2c

    3) B2C does the logout and returns JavaScript code that does a window.location.replace using the URL https://xxx.microsoftcrmportals.com/ which does not include the path

     

    The issue seems to be in step 2 the Portal is not properly setting the post_logout_redirect_uri using the passed returnUrl query string parameter (/en-US/FieldService/).

  • Verified answer
    zebra1024 Profile Picture
    zebra1024 12 on at

    I worked this issue with Microsoft support.

     

    The solution was to set the portal setting "Authentication/OpenIdConnect/B2C/ExternalLogoutEnabled" to false. This will redirect the user on logout. What it changes is that the user is not logged out of Azure AD B2C so if they immediately try to sign back in they will not have to authenticate with Azure AD B2C. I believe this could be fixed by Microsoft in the Portal code if they properly set the  "post_logout_redirect_uri" in the logout call to B2C to the current URL.

     

    Authentication/OpenIdConnect/[Federation-Name]/ExternalLogoutEnabled

    Enables or disables federated sign-out. When set to true, users are redirected to the federated sign-out user experience when they sign out from the portal. When set to false, users are signed out from the portal only. By default, it is set to false.

    For reference: https://docs.microsoft.com/en-us/powerapps/maker/portals/configure/azure-ad-b2c

  • zebra1024 Profile Picture
    zebra1024 12 on at

    I added this to the Microsoft ideas site at https://experience.dynamics.com/ideas/idea/?ideaid=f5cda878-3c9c-ea11-8b71-0003ff688f7a 

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Welcome to the Power Platform Communities
Season of Giving Solutions is Here!
Explore Copilot Studio Forums, Blogs & Galleries!

Quick Links

Forum hierarchy changes are complete!

In our never-ending quest to improve we are simplifying the forum hierarchy…

Ajay Kumar Gannamaneni – Community Spotlight

We are honored to recognize Ajay Kumar Gannamaneni as our Community Spotlight for December…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Power Pages

#1
Jerry-IN Profile Picture

Jerry-IN 71

#2
Fubar Profile Picture

Fubar 62 Super User 2025 Season 2

#3
sannavajjala87 Profile Picture

sannavajjala87 31

Last 30 days Overall leaderboard

Featured topics

Solution to LinkedIn Authentication in Power Apps Portals
Welcome to the Power Pages forum!

Product updates

Microsoft Power Platform Community release plans