leo

Reputation: 581

Identity4 back-channel logout SSO/SLO not working for all clients

I have implemented back-channel logout and the URL is being called for all clients, but it is not signing out from all clients.

Scenario

  1. Client-A login
  2. Client-B login
  3. Clicked the Logout button in Client-A; redirected to the identity server logout page
  4. Back-channel logout URL is called for Client-B
  5. Back-channel logout URL is called for Client-A
  6. Check the identity server --> user is already logged out
  7. Enter the URL of Client-A: redirected to the identity server for login
  8. Enter the URL of Client-B: I can view it (it is supposed to redirect to the login page of the identity server because the user is already logged out)

LogOut code

    public async Task<IActionResult> Logout()
    {
        Console.WriteLine("** MVC2 logout " + DateTime.Now.ToString("MM/dd/yyyy hh:mm:ss.fff tt"));

        var client = _httpClientFactory.CreateClient("IDPClient");

        var discoveryDocumentResponse = await client.GetDiscoveryDocumentAsync();
        if (discoveryDocumentResponse.IsError)
        {
            throw new Exception(discoveryDocumentResponse.Error);
        }

        
        await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
        await HttpContext.SignOutAsync(OpenIdConnectDefaults.AuthenticationScheme);
        
        return Redirect(discoveryDocumentResponse.EndSessionEndpoint);
    }

BackChannel Logout code

        [HttpPost]
        [AllowAnonymous]
        public async Task<IActionResult> BackChannelLogout(string token)
        {
           
            Console.WriteLine("*********************** MVC1 --> BackChannelLogout " + DateTime.Now.ToString("MM/dd/yyyy hh:mm:ss.fff tt"));
            await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
            await HttpContext.SignOutAsync(OpenIdConnectDefaults.AuthenticationScheme);

            return NoContent();
        }

I want to achieve this: if I log out from the clients, it should redirect to the identity server for login.

Upvotes: 0

Views: 1325

Answers (1)

Tore Nestenius

Reputation: 19961

Your logout code in your client should not return anything, because that will interfere with the response that SignOutAsync creates internally for you.

A sample logout can look like this:

    /// <summary>
    /// Do the logout
    /// </summary>
    /// <returns></returns>
    [HttpPost]
    [ValidateAntiForgeryToken]
    public async Task Logout()
    {
        await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
        await HttpContext.SignOutAsync(OpenIdConnectDefaults.AuthenticationScheme);

        //Important, this method should never return anything.
    }

Upvotes: 1
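
The back-channel request in steps 4 and 5 of the question comes from the identity server, not from the browser, so it carries no client cookie for `SignOutAsync` to clear. The following is an added example (not code from the question, the answer, or IdentityServer itself) that validates the `logout_token`, records its `sid`, and rejects that session during cookie validation on the next browser request. `Authority`, `ClientId` and the `LoggedOutSessions` store are assumptions.

```csharp
using System.Collections.Concurrent;
using System.IdentityModel.Tokens.Jwt;
using System.Text.Json;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.IdentityModel.Protocols;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using Microsoft.IdentityModel.Tokens;

public class LoggedOutSessions // added example: hypothetical in-memory store (singleton)
{
    private readonly ConcurrentDictionary<string, byte> _sids = new ConcurrentDictionary<string, byte>();
    public void Add(string sid) => _sids[sid] = 0;
    // Assign to CookieAuthenticationOptions.Events.OnValidatePrincipal; assumes a claim named "sid".
    public Task Validate(CookieValidatePrincipalContext ctx)
    {
        if (ctx.Principal?.FindFirst("sid")?.Value is string sid && _sids.ContainsKey(sid)) ctx.RejectPrincipal();
        return Task.CompletedTask;
    }
}
public class LogoutController : Controller
{
    private const string Authority = "https://idp.example", ClientId = "client-b"; // placeholders
    private const string LogoutEvent = "http://schemas.openid.net/event/backchannel-logout";
    private static readonly ConfigurationManager<OpenIdConnectConfiguration> Metadata =
        new ConfigurationManager<OpenIdConnectConfiguration>(Authority + "/.well-known/openid-configuration", new OpenIdConnectConfigurationRetriever());
    private readonly LoggedOutSessions _sessions;
    public LogoutController(LoggedOutSessions sessions) => _sessions = sessions;
    [HttpPost, AllowAnonymous]
    public async Task<IActionResult> BackChannelLogout([FromForm(Name = "logout_token")] string logoutToken)
    {
        try
        {
            var oidc = await Metadata.GetConfigurationAsync(HttpContext.RequestAborted);
            var handler = new JwtSecurityTokenHandler();
            handler.InboundClaimTypeMap.Clear(); // keep "sid", "events", "nonce" under their JWT names
            var user = handler.ValidateToken(logoutToken, new TokenValidationParameters
                { ValidIssuer = oidc.Issuer, ValidAudience = ClientId, IssuerSigningKeys = oidc.SigningKeys }, out _);
            var sid = user.FindFirst("sid")?.Value;
            using var ev = JsonDocument.Parse(user.FindFirst("events")?.Value ?? "{}");
            if (sid == null || !ev.RootElement.TryGetProperty(LogoutEvent, out _) || user.FindFirst("nonce") != null)
                return BadRequest();
            _sessions.Add(sid); // no browser cookie on this request, so record the sid instead of SignOutAsync
            return Ok();
        }
        catch { return BadRequest(); } // bad signature, issuer, audience, lifetime or malformed token
    }
}
```

Register the store with `services.AddSingleton<LoggedOutSessions>()`. An in-memory store is lost on restart and is not shared between instances, so a multi-node client needs a shared store.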
