Logging out from Identity Server 4 won't log out from Client #3153
Comments
Can you add your start up specifically the AddAuthentication section. |
Hi , thanks for replying. This is basically the same file as the sample of Asp.Net Identity and EF Core combined
|
try
if that doesn't work you can go with
Remember this is NOT going to log a user out of their Google account. Google doesn't support third party logout. Its just going to log them out of your application. |
I tried this and it does not delete the AspNetCore.Cookies which keeps the user logged in the client application. I tried again just downloading the samples https://github.com/IdentityServer/IdentityServer4.Samples Logging out from Identity Server does not log out from client. This is the configuration on client, not sure if it could change anything
|
Clearing the cookie in IdentityServer won't logout the user "auto-magically" at other clients, check the docs https://identityserver4.readthedocs.io/en/latest/topics/signout.html |
That makes sense, I haven't implemented any of this. However i can't seem to find any of this in any identity server 4 sample on the official github, would be nice to see a working example |
Looks like the issue is that in the quickstarts layout lhttps://github.com/IdentityServer/IdentityServer4.Samples/blob/master/Quickstarts/Combined_AspId_and_EFStorage/src/IdentityServer/Views/Shared/_Layout.cshtml the link to the logout controller does not pass the logoutId argument
...which the AccountController expects
As a result vm.TriggerExternalSignout is false which means the extenal signout does not get called.
I'll raise a new issue |
I am in the process of going though the samples now i will add this to #3178 |
Thank you Linda, really appreciate your help. I also have created #3212 |
You've got a point here! I think. The problem is that BuildLogoutViewModelAsync, when logoutid is null (as is in the case of the IS account controller), will not set LoggedOutViewModel.SignOutIframeUrl. This means that if the user signs-out in the IS backoffice it will not trigger the front-channel logout on the clients as it does between clients. Anyone can tell me how to fix that please? |
I have the same issue, except I'm using a JavaScript Client with OIDC. I can see that the endSession contains both the id_token_hint and post_logout_redirect_uri in the debug logs, I can see an error: Client request: Server logs:
I assume I've done something wrong, but have not scratched open the solution yet. |
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs. |
I'm using the Asp Net Identity and the EF Core combined sample, everything works correctly, database, seeding, api call except for when i try to log out from the IS page. It does not delete the .AspNetCore.Cookies which is the one keeping the user logged in on client
` ///
/// Handle logout page postback
///
[HttpPost]
[ValidateAntiForgeryToken]
public async Task Logout(LogoutInputModel model)
{
// build a model so the logged out page knows what to display
var vm = await BuildLoggedOutViewModelAsync(model.LogoutId);
On MVC Client it works correctly, logs out from both sides
public IActionResult Logout() { return SignOut("Cookies", "oidc"); }
I tried to do
// delete local authentication cookie await HttpContext.SignOutAsync("Cookies"); await HttpContext.SignOutAsync("oidc");
but gives me an exception cause i didn't add these on AddAuthentication on the IS...
The text was updated successfully, but these errors were encountered: