Keycloak Log out from ASP.NET and ASP.NET Core

Question

Currently I am able to login from ASP.NET and ASP.NET Core. However when logout from ASP.NET, my ASP.NET Core app doesn't logout as well.

Here is my ASP.NET logout code:

public ActionResult logout()
{
    Request.GetOwinContext().Authentication.SignOut(HttpContext.GetOwinContext().Authentication.GetAuthenticationTypes().Select(o => o.AuthenticationType).ToArray());
    return RedirectToAction("About", "Home");
}

And my ASP.NET Core logout:

public IActionResult Logout()
{
    return new SignOutResult(new[] { "OpenIdConnect", "Cookies" });
}

Unfortunately, if I logout from the ASP.NET app, my ASP.NET Core app doesn't logout automatically. Is it something wrong with my keycloak setting, or did I miss something in my code?

Answer 1

It is working for me. I used code similar to yours:

public IActionResult Logout()
    {
        return new SignOutResult(
            new[] { 
                OpenIdConnectDefaults.AuthenticationScheme,
                CookieAuthenticationDefaults.AuthenticationScheme 
            });
    }

If you get invalid redirect error from keycloak, then you must also add Valid post logout redirect URIs to your Keycloak client settings. In your case, you have to add your_host/signout-callback-oidc

If you get an invalid or missing id_token_hint parameter, then make sure that tokens are being saved:

    .AddOpenIdConnect(options =>
{
    options.SaveTokens = true;
});

Answer 2

Go through the https://github.com/dotnet/aspnetcore/blob/4fa5a228cfeb52926b30a2741b99112a64454b36/src/Security/Authentication/OpenIdConnect/src/OpenIdConnectHandler.cs#L312-L315

services.AddAuthentication(...)
    .AddCookie("Cookies")
    .AddOpenIdConnect("OpenIdConnect", options =>
    {
        ...
        options.Events.OnSignedOutCallbackRedirect += context =>
        {
            context.Response.Redirect(context.Options.SignedOutRedirectUri);
            context.HandleResponse();

            return Task.CompletedTask;
        };
        ...
    });