I am using Windows Identity Foundation (with some MVC 2.0 sites).
I am having a real problem signing someone out of all the sites protected by WIF.
It looks like my sign out is only signing people out of the current site.
This is my code:
public void FederatedSignOut(string replyUrl)
{
var authModule = FederatedAuthentication.WSFederationAuthenticationModule;
WSFederationAuthenticationModule.FederatedSignOut(new Uri(authModule.Issuer), new Uri(replyUrl));
}
After running this code I can still browse to any other sites that the user has visited.
But I am logged out of the site I signed out of.
Does federated log out work?
Thanks very much
Yes, Federated Sign Out works, but not always :-). What STS are you using? (e.g. ADFS? your own?)
There's some introduction information here: http://msdn.microsoft.com/en-us/library/ff359102.aspx#sec9
Check out how our "mock" sts handles Sign Out.
WIF has a FederatedPassiveSignInStatus control which does the work for you.
Essentially, this sends a "wa=wsignout1.0" WS-Federation command to the STS. However, the STS may not implement this. ADFS does.
When signing out of my application to the external STS, I sign out of my application but still stay signed in to the external STS (Okta).
public void FederatedSignOut(string reply)
{
    WSFederationAuthenticationModule fam = FederatedAuthentication.WSFederationAuthenticationModule;
    // Native FederatedSignOut doesn't seem to have a way of finding/registering the realm for sign-out, so get it from the FAM
    string wrealm = string.Format("wtrealm={0}", fam.Realm);
    // Check where to return; if not set, ACS will use the Reply address configured for the RP
    string wreply = !string.IsNullOrEmpty(reply) ? reply : (!string.IsNullOrEmpty(fam.Reply) ? fam.Reply : null);
    // Create the basic URL for sign-out (wreply is set by native FederatedSignOut)
    string signOutUrl = WSFederationAuthenticationModule.GetFederationPassiveSignOutUrl(fam.Issuer, null, wrealm);
    WSFederationAuthenticationModule.FederatedSignOut(new Uri(signOutUrl), !string.IsNullOrEmpty(wreply) ? new Uri(wreply) : null);
}
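An added example (not the asker's or either answerer's code) showing both ends of the WS-Federation sign-out exchange discussed above: building the wa=wsignout1.0 redirect to the STS, and the check a relying party should do when the STS's wsignoutcleanup1.0 message comes back, which is the step that actually signs the user out of the other sites. The cleanup message and the same-host check on wreply go beyond what the answers spell out; the class and method names are assumed.

```csharp
using System;
using System.Collections.Specialized;
using System.Web;

// Added example: the two halves of WS-Federation passive sign-out as seen by a
// relying party (RP). Class and method names are assumed, not from WIF.
public static class WsFedSignOut
{
    // Build the wsignout1.0 request the RP redirects the browser to. The STS is
    // expected to end its own session and then send wsignoutcleanup1.0 to every
    // RP that has a session; an STS that skips that step leaves other RPs signed in.
    public static string BuildSignOutUrl(string issuer, string realm, string reply)
    {
        NameValueCollection qs = HttpUtility.ParseQueryString(string.Empty);
        qs["wa"] = "wsignout1.0";
        qs["wtrealm"] = realm;               // which RP is asking
        if (!string.IsNullOrEmpty(reply))
            qs["wreply"] = reply;            // where the STS sends the browser afterwards
        var builder = new UriBuilder(issuer) { Query = qs.ToString() };
        return builder.Uri.AbsoluteUri;
    }

    // Inspect a request arriving at this RP: is it the STS's cleanup message?
    // On "true" the caller must delete this RP's session cookie. The optional
    // wreply is only honoured when it points back at this RP (rpBase), so a
    // forged cleanup request cannot be used as an open redirect.
    public static bool IsSignOutCleanup(Uri request, Uri rpBase, out Uri reply)
    {
        reply = null;
        NameValueCollection qs = HttpUtility.ParseQueryString(request.Query);
        if (!string.Equals(qs["wa"], "wsignoutcleanup1.0", StringComparison.Ordinal))
            return false;

        Uri candidate;
        if (Uri.TryCreate(qs["wreply"], UriKind.Absolute, out candidate)
            && candidate.Scheme == rpBase.Scheme
            && string.Equals(candidate.Host, rpBase.Host, StringComparison.OrdinalIgnoreCase)
            && candidate.Port == rpBase.Port)
        {
            reply = candidate;
        }
        return true;
    }
}
```

WIF's WSFederationAuthenticationModule already performs the cleanup handling for you; the point of the second method is to make visible what each RP has to do for sign-out to propagate, and that the wreply it receives needs the same scrutiny as any other redirect target.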