/// <inheritdoc/>
public virtual async Task SendLogoutNotificationsAsync(LogoutNotificationContext context)
{
var backChannelRequests = await LogoutNotificationService.GetBackChannelLogoutNotificationsAsync(context);
if (backChannelRequests.Any())
{
await SendLogoutNotificationsAsync(backChannelRequests);
}
}
/// <inheritdoc/>
public virtual async Task SendLogoutNotificationsAsync(LogoutNotificationContext context)
{
using var activity = Tracing.ServiceActivitySource.StartActivity("DefaultBackChannelLogoutService.SendLogoutNotifications");
var backChannelRequests = await LogoutNotificationService.GetBackChannelLogoutNotificationsAsync(context);
if (backChannelRequests.Any())
{
await SendLogoutNotificationsAsync(backChannelRequests);
}
}
public Task <IEnumerable <BackChannelLogoutRequest> > GetBackChannelLogoutNotificationsAsync(LogoutNotificationContext context)
{
SendBackChannelLogoutNotificationsCalled = true;
return(Task.FromResult(BackChannelLogoutRequests.AsEnumerable()));
}
public Task <IEnumerable <string> > GetFrontChannelLogoutNotificationsUrlsAsync(LogoutNotificationContext context)
{
GetFrontChannelLogoutNotificationsUrlsCalled = true;
return(Task.FromResult(FrontChannelLogoutNotificationsUrls.AsEnumerable()));
}
public Task SendLogoutNotificationsAsync(LogoutNotificationContext context)
{
SendLogoutsWasCalled = true;
return(Task.CompletedTask);
}
/// <inheritdoc/>
public async Task <IEnumerable <BackChannelLogoutRequest> > GetBackChannelLogoutNotificationsAsync(LogoutNotificationContext context)
{
var backChannelLogouts = new List <BackChannelLogoutRequest>();
foreach (var clientId in context.ClientIds)
{
var client = await _clientStore.FindEnabledClientByIdAsync(clientId);
if (client != null)
{
if (client.BackChannelLogoutUri.IsPresent())
{
var back = new BackChannelLogoutRequest
{
ClientId = clientId,
LogoutUri = client.BackChannelLogoutUri,
SubjectId = context.SubjectId,
SessionId = context.SessionId,
SessionIdRequired = client.BackChannelLogoutSessionRequired
};
backChannelLogouts.Add(back);
}
}
}
if (backChannelLogouts.Any())
{
var msg = backChannelLogouts.Select(x => x.LogoutUri).Aggregate((x, y) => x + ", " + y);
_logger.LogDebug("Client back-channel logout URLs: {0}", msg);
}
else
{
_logger.LogDebug("No client back-channel logout URLs");
}
return(backChannelLogouts);
}
/// <inheritdoc/>
public async Task <IEnumerable <string> > GetFrontChannelLogoutNotificationsUrlsAsync(LogoutNotificationContext context)
{
var frontChannelUrls = new List <string>();
foreach (var clientId in context.ClientIds)
{
var client = await _clientStore.FindEnabledClientByIdAsync(clientId);
if (client != null)
{
if (client.FrontChannelLogoutUri.IsPresent())
{
var url = client.FrontChannelLogoutUri;
// add session id if required
if (client.ProtocolType == IdentityServerConstants.ProtocolTypes.OpenIdConnect)
{
if (client.FrontChannelLogoutSessionRequired)
{
url = url.AddQueryString(OidcConstants.EndSessionRequest.Sid, context.SessionId);
url = url.AddQueryString(OidcConstants.EndSessionRequest.Issuer, _httpContextAccessor.HttpContext.GetIdentityServerIssuerUri());
}
}
else if (client.ProtocolType == IdentityServerConstants.ProtocolTypes.WsFederation)
{
url = url.AddQueryString(Constants.WsFedSignOut.LogoutUriParameterName, Constants.WsFedSignOut.LogoutUriParameterValue);
}
frontChannelUrls.Add(url);
}
}
}
if (frontChannelUrls.Any())
{
var msg = frontChannelUrls.Aggregate((x, y) => x + ", " + y);
_logger.LogDebug("Client front-channel logout URLs: {0}", msg);
}
else
{
_logger.LogDebug("No client front-channel logout URLs");
}
return(frontChannelUrls);
}
internal static async Task <string> GetIdentityServerSignoutFrameCallbackUrlAsync(this HttpContext context, LogoutMessage logoutMessage = null)
{
var userSession = context.RequestServices.GetRequiredService <IUserSession>();
var user = await userSession.GetUserAsync();
var currentSubId = user?.GetSubjectId();
LogoutNotificationContext endSessionMsg = null;
// if we have a logout message, then that take precedence over the current user
if (logoutMessage?.ClientIds?.Any() == true)
{
var clientIds = logoutMessage?.ClientIds;
// check if current user is same, since we might have new clients (albeit unlikely)
if (currentSubId == logoutMessage?.SubjectId)
{
clientIds = clientIds.Union(await userSession.GetClientListAsync());
clientIds = clientIds.Distinct();
}
endSessionMsg = new LogoutNotificationContext
{
SubjectId = logoutMessage.SubjectId,
SessionId = logoutMessage.SessionId,
ClientIds = clientIds
};
}
else if (currentSubId != null)
{
// see if current user has any clients they need to signout of
var clientIds = await userSession.GetClientListAsync();
if (clientIds.Any())
{
endSessionMsg = new LogoutNotificationContext
{
SubjectId = currentSubId,
SessionId = await userSession.GetSessionIdAsync(),
ClientIds = clientIds
};
}
}
if (endSessionMsg != null)
{
var clock = context.RequestServices.GetRequiredService <ISystemClock>();
var msg = new Message <LogoutNotificationContext>(endSessionMsg, clock.UtcNow.UtcDateTime);
var endSessionMessageStore = context.RequestServices.GetRequiredService <IMessageStore <LogoutNotificationContext> >();
var id = await endSessionMessageStore.WriteAsync(msg);
var signoutIframeUrl = context.GetIdentityServerBaseUrl().EnsureTrailingSlash() + Constants.ProtocolRoutePaths.EndSessionCallback;
signoutIframeUrl = signoutIframeUrl.AddQueryString(Constants.UIConstants.DefaultRoutePathParams.EndSessionCallback, id);
return(signoutIframeUrl);
}
// no sessions, so nothing to cleanup
return(null);
}
