Owin openidconnect SignOut sending id_token_hint without active session

Alberto 0 Reputation points
2024-04-12T12:29:43.7933333+00:00

Hey! I have a solution integrating the latest version of C# Microsoft.Owin.Security.OpenIdConnect (4.2.2) on .NET Framework 4.6.1 (MVC project), and I have a question.

My solution correctly closes the OpenID session on Keycloak when I have an active session. The problem is that I need to log out on the identity provider without an active .NET session (cookies not present), sending id_token_hint:

http://mykeycloak.com/realms/realm/protocol/openid-connect/logout
?post_logout_redirect_uri=https%3A%2F%2Flocalhost%3A44332%2FFederation%2FLogoutConsume
&id_token_hint=XXXXX
&x-client-SKU=ID_NET461
&x-client-ver=5.3.0.0

The problem is that id_token_hint is not sent:

http://mykeycloak.com/realms/realm/protocol/openid-connect/logout
?post_logout_redirect_uri=https%3A%2F%2Flocalhost%3A44332%2FFederation%2FLogoutConsume
&x-client-SKU=ID_NET461
&x-client-ver=5.3.0.0

I tried creating a session before calling the sign-out code:

using System.Collections.Generic;
using System.Security.Claims;
using System.Web;
using System.Web.Mvc;
using Microsoft.Owin.Security;

public ActionResult Logout()
{
    // ...

    // Build a temporary identity so that Request.IsAuthenticated becomes true
    if (!Request.IsAuthenticated)
    {
        var identity = new ClaimsIdentity(new List<Claim>
        {
            new Claim("UserId", "123", ClaimValueTypes.Integer32),
            new Claim("id_token", "valid_id_token")
        }, "Custom");
        HttpContext.User = new ClaimsPrincipal(identity);
    }
    if (Request.IsAuthenticated)
    {
    }

    // Trigger the OpenID Connect middleware's end-session redirect
    HttpContext.GetOwinContext().Authentication.SignOut(
        new AuthenticationProperties { RedirectUri = "validRedirectUrl" }, "validIdpId");
    return new HttpStatusCodeResult(HttpContext.GetOwinContext().Response.StatusCode);
}

I've gotten the second if (Request.IsAuthenticated) to be true; the problem is that it still doesn't send id_token_hint.

I've tried saving the ClaimsIdentity object in the cache in the SecurityTokenValidated event:

using System;
using System.Runtime.Caching;
using System.Threading.Tasks;
using Microsoft.Owin.Security.OpenIdConnect;

OpenIdConnectAuthenticationNotifications notifications = new OpenIdConnectAuthenticationNotifications()
{
    SecurityTokenValidated = context =>
    {
        // ...

        // Cache the validated identity so it can be reused at logout
        ObjectCache cache = MemoryCache.Default;
        CacheItemPolicy policy = new CacheItemPolicy();
        policy.SlidingExpiration = TimeSpan.FromMinutes(60);
        cache.Set("identity", context.AuthenticationTicket.Identity, policy);

        // Sign in using the created identity
        context.OwinContext.Authentication.SignIn(context.AuthenticationTicket.Identity);
        return Task.CompletedTask;
    },
};

And retrieving it on logout:

using System.Runtime.Caching;
using System.Security.Claims;

// Restore the cached identity onto the current request before signing out
ObjectCache cache = MemoryCache.Default;
ClaimsIdentity identity = cache.Get("identity") as ClaimsIdentity;
HttpContext.User = new ClaimsPrincipal(identity);

But the problem persists.

How can I sign out without an active session, or by creating a temporary one with strictly the needed data?

Thanks!
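The following is an added example, not code from the original post or from the Katana project: it takes control of the end-session redirect through the OpenIdConnectAuthenticationNotifications.RedirectToIdentityProvider notification and sets OpenIdConnectMessage.IdTokenHint there. When a session exists, the hint comes from an "id_token" claim copied into the cookie identity at sign-in (SecurityTokenValidated); when there is no session, the controller hands the caller-supplied id_token to the notification through the OWIN environment for that request only, so nothing is kept in a process-wide cache. The authentication type "validIdpId", the redirect URI, the environment key "myapp.id_token_hint", and the AccountController.Logout signature are assumptions for the example.

```csharp
// Added example (not the original poster's code): set id_token_hint on the
// OpenID Connect end-session request with or without a .NET session.
// Assumed names: KeycloakAuthenticationType, IdTokenHintKey, AccountController.
using System.Security.Claims;
using System.Threading.Tasks;
using System.Web;
using System.Web.Mvc;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using Microsoft.Owin;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.OpenIdConnect;

public static class OidcLogout
{
    // Must match OpenIdConnectAuthenticationOptions.AuthenticationType (assumed value).
    public const string KeycloakAuthenticationType = "validIdpId";
    // Hypothetical per-request OWIN environment key used to pass the token to the notification.
    public const string IdTokenHintKey = "myapp.id_token_hint";

    // Assign this to OpenIdConnectAuthenticationOptions.Notifications at startup.
    public static OpenIdConnectAuthenticationNotifications Notifications => new OpenIdConnectAuthenticationNotifications
    {
        // Runs after the id_token has been validated at sign-in: copy the raw token
        // into the identity so it is persisted in the cookie and available at logout.
        SecurityTokenValidated = n =>
        {
            n.AuthenticationTicket.Identity.AddClaim(
                new Claim(OpenIdConnectParameterNames.IdToken, n.ProtocolMessage.IdToken));
            return Task.FromResult(0);
        },

        // Runs for every redirect to the IdP, including the end-session redirect
        // produced by Authentication.SignOut(...).
        RedirectToIdentityProvider = n =>
        {
            if (n.ProtocolMessage.RequestType != OpenIdConnectRequestType.Logout)
                return Task.FromResult(0);

            // 1. Preferred source: the id_token stored in the signed-in user's cookie.
            string hint = n.OwinContext.Authentication.User?
                .FindFirst(OpenIdConnectParameterNames.IdToken)?.Value;

            // 2. Fallback when there is no session: the value the controller placed
            //    into the OWIN environment for this request.
            if (string.IsNullOrEmpty(hint))
                hint = n.OwinContext.Get<string>(IdTokenHintKey);

            // CreateLogoutRequestUrl() URL-encodes it as the id_token_hint parameter.
            if (!string.IsNullOrEmpty(hint))
                n.ProtocolMessage.IdTokenHint = hint;

            return Task.FromResult(0);
        }
    };
}

public class AccountController : Controller
{
    // Logout without a .NET session: the id_token arrives from the caller
    // (here a POST field) instead of being read from a cookie.
    [HttpPost, ValidateAntiForgeryToken]
    public ActionResult Logout(string idToken)
    {
        IOwinContext owin = HttpContext.GetOwinContext();

        if (!Request.IsAuthenticated && !string.IsNullOrEmpty(idToken))
            owin.Set(OidcLogout.IdTokenHintKey, idToken);

        // The OpenID Connect middleware builds the end-session redirect when the
        // response is being sent; the notification above fills in id_token_hint.
        owin.Authentication.SignOut(
            new AuthenticationProperties { RedirectUri = "https://localhost:44332/Federation/LogoutConsume" },
            OidcLogout.KeycloakAuthenticationType);

        return new HttpStatusCodeResult(owin.Response.StatusCode);
    }
}
```

Two practical notes. Keycloak (18 and later) rejects a logout request that carries post_logout_redirect_uri without either id_token_hint or client_id, which is why the redirect in the post is refused once the hint is missing; the redirect URI must also be registered on the Keycloak client. An id_token accepted from a request body should be treated as sensitive input: do not log it, pass it only to the identity provider, and keep in mind that anyone holding a user's id_token can end that user's Keycloak session through this endpoint, which is inherent to RP-initiated logout.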
