When the user logs off the application, it calls the logout endpoint in our identity project. The problem is that the user is logged off the application, but under the hood they are still signed in to CSAM. I'm trying to make it so that logging off the application also logs the user off the CSAM SAML SSO.
/// <summary>
/// Ends the local session and returns a self-submitting form that POSTs a SAML
/// LogoutRequest to the identity provider.
/// </summary>
/// <returns>
/// The action result produced by <see cref="Saml2PostBinding"/> for the logout request.
/// </returns>
/// <remarks>
/// The endpoint is reachable by GET, so a cross-site link can trigger a logout
/// (logout CSRF); HttpPost plus an antiforgery token would close that if the
/// front end can be changed.
/// </remarks>
[HttpGet("~/identity/logout")]
public async Task<IActionResult> LogoutPost()
{
    // Build the request before signing out: it reads the SAML NameId/SessionIndex
    // from the session, which must still be available at this point.
    var request = GenerateLogoutRequest();
    var postBinding = new Saml2PostBinding();
    var redirectToIdp = postBinding.Bind(request).ToActionResult();

    // No scheme given, so this signs out of the default sign-out scheme only.
    await HttpContext.SignOutAsync();

    return redirectToIdp;
}
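/// <summary>
/// Builds the SAML 2.0 LogoutRequest sent to the identity provider for the current user.
/// </summary>
/// <returns>A <see cref="Saml2LogoutRequest"/> addressed to the IdP sign-out URL.</returns>
/// <exception cref="InvalidOperationException">
/// Thrown when no SAML NameId is stored in the session. The IdP matches a LogoutRequest
/// to its own session by NameID (and SessionIndex when present); without it the request
/// cannot terminate anything, which is one way the IdP session survives a local logout.
/// </exception>
private Saml2LogoutRequest GenerateLogoutRequest()
{
    // Read the session-bound identifiers first so a missing value fails loudly here
    // rather than producing an unmatchable request. SessionIndex is optional in the
    // SLO profile, so only NameId is mandatory.
    var nameId = HttpContext.Session.GetString("SamlNameId");
    var sessionIndex = HttpContext.Session.GetString("SamlSessionIndex");
    if (string.IsNullOrEmpty(nameId))
    {
        throw new InvalidOperationException(
            "SAML NameId is not present in the session; cannot build a LogoutRequest.");
    }

    var cert = _certificateService.GetCertificateFromStore(_identityProviderConfig.FsbCertificateSerialNumber);
    var config = new Saml2Configuration
    {
        Issuer = _identityProviderConfig.Issuer,
        SigningCertificate = cert,
        // NOTE(review): this flag is named for AuthnRequests; confirm the library also
        // signs LogoutRequests with SigningCertificate, otherwise the IdP may reject
        // the request and leave its session in place.
        SignAuthnRequest = true
    };
    config.SignatureValidationCertificates.Add(cert);
    config.AllowedAudienceUris.Add(_identityProviderConfig.Issuer);

    var logoutRequest = new Saml2LogoutRequest(config)
    {
        Id = new Saml2Id($"Id{Guid.NewGuid():N}"),
        Version = "2.0",
        IssueInstant = DateTime.UtcNow,
        Destination = new Uri(_identityProviderConfig.FasSignOutUrl),
        Issuer = _identityProviderConfig.Issuer,
        // NOTE(review): RSA-SHA1 is deprecated for XML signatures; prefer
        // "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" if the IdP accepts it.
        SignatureAlgorithm = "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
        NameId = new Saml2NameIdentifier(nameId),
        SessionIndex = sessionIndex
    };

    // NOTE(review): the result is not awaited. If DeleteSession returns a Task, the
    // local sign-out it performs may not have completed when the caller redirects;
    // verify the library's signature and await it from an async caller if so.
    logoutRequest.DeleteSession(HttpContext);
    return logoutRequest;
}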
Currently, the user is logged out of the application, but when they click the CSAM login it automatically logs them in again without asking for CSAM credentials. I'm stuck on how to fix this.