we have identityserver3 linked relying party adfs3 using wsfed. login works fine. trying implement logout. have added endpoint in idserver specified here https://leastprivilege.com/2015/07/08/federated-logout-with-the-katana-ws-federation-middleware/ not work in not logout of idserver, called ok have logged call.
have been experimenting calling logout on idserver directly, e.g. ://idserver/logout. have call twice logout working. first time call redirected adfs logout, can see using fiddler adfs has iframe going ://idserver/?wa=wsignoutcleanup think case of getting right code cleanup routine wsignoutcleanup.
i found if called logout twice worked tried doing redirect ://idserver/logout in cleanup function. can see using fiddler page called in iframe /endsession?sid=xxx not called, maybe because iframe in iframe? have tried redirecting endsession?sid=xxxx. think worked if called https://idserver/logout not if call ://adfs/?wa=signout. guessing there done in logout before calling endsession?
once working hoping our openid/oauth javascript app pick user session has changed using checksession endpoint. seem pick change when calling logout twice...
does have snippet of code can use in wsignoutcleanup routine on idserver clear session properly?
thanks
so thought post code works, not sure if need call signout seems work, might else.....
private static void addsignoutendpoint(iappbuilder app) { app.use(async (ctx, next) => { var qs = ctx.request.query; var wa = qs.get("wa"); if (wa != null) { if (wa == "wsignoutcleanup1.0") { ctx.response.cookies.delete("idsrv"); ctx.response.cookies.delete("idsrv.external"); ctx.response.cookies.delete("idsrv.partial"); ctx.authentication.signout("cookies"); ctx.response.redirect("connect/endsessioncallback?sid=" + ctx.request.cookies["idsvr.session"]); } else { await next(); } } else { await next(); } }); } 
Comments
Post a Comment