private async Task <bool> HandleSignOut()
{
if (!Request.Path.Value.EndsWith(Options.SingleLogoutServiceUrl, StringComparison.OrdinalIgnoreCase))
{
return(false);
}
_logger.LogDebug($"Entering {nameof(HandleSignOut)}");
if (!_httpRedirectBinding.IsValid(Context.Request))
{
return(false);
}
var uri = new Uri(Context.Request.GetEncodedUrl());
if (_httpRedirectBinding.IsLogoutRequest(Context.Request)
) //idp initiated logout. TODO: BUG:Context.User and cookies are not populated
{
var logoutReponse = _samlService.GetLogoutReponse(uri);
if (logoutReponse.StatusCode != Saml2Constants.StatusCodes.Success ||
Context.User.Identity.IsAuthenticated)
{
return(false);
}
var relayState = _httpRedirectBinding.GetCompressedRelayState(Context.Request);
var url = _samlService.GetLogoutResponseUrl(logoutReponse, relayState);
await Context.SignOutAsync(Options.SignOutScheme, new AuthenticationProperties());
Context.Response.Redirect(url, true);
return(true);
}
//sp initiated logout
var response = _httpRedirectBinding.GetResponse(Context.Request);
var authenticationProperties =
Options.StateDataFormat.Unprotect(response.RelayState) ?? new AuthenticationProperties();
var initialLogoutRequestId = GetRequestId();
if (!_samlService.IsLogoutResponseValid(uri, initialLogoutRequestId))
{
return(false);
}
await Context.SignOutAsync(Options.SignOutScheme, authenticationProperties);
var cookieOptions = Options.RequestIdCookie.Build(Context, Clock.UtcNow);
Context.Response.DeleteAllRequestIdCookies(Context.Request, cookieOptions);
var redirectUrl = GetRedirectUrl(authenticationProperties);
_logger.LogDebug(
$"Method={nameof(HandleSignOut)}. Received and handled sp initiated logout response. Redirecting to {redirectUrl}");
Context.Response.Redirect(redirectUrl, true);
return(true);
}
private async Task <bool> HandleSignOut()
{
System.Console.WriteLine("");
System.Console.WriteLine("[Saml2Handler][HandleSignOut] =>");
System.Console.WriteLine("[Saml2Handler][HandleSignOut] => Options.SingleLogoutServiceUrl: '" + Options.SingleLogoutServiceUrl + "'");
if (!Request.Path.Value.EndsWith(Options.SingleLogoutServiceUrl, StringComparison.OrdinalIgnoreCase) ||
!_httpRedirectBinding.IsValid(Context.Request))
{
System.Console.WriteLine("[Saml2Handler][HandleSignOut] => returning false");
return(false);
}
_logger.LogDebug($"Entering {nameof(HandleSignOut)}");
var uri = new Uri(Context.Request.GetEncodedUrl());
//idp initiated logout. TODO: BUG:Context.User and cookies are not populated
if (_httpRedirectBinding.IsLogoutRequest(Context.Request))
{
var logoutResponse = _samlService.GetLogoutReponse(uri);
if (logoutResponse.StatusCode != Saml2Constants.StatusCodes.Success ||
Context.User.Identity.IsAuthenticated)
{
return(false);
}
var relayState = _httpRedirectBinding.GetCompressedRelayState(Context.Request);
var url = _samlService.GetLogoutResponseUrl(logoutResponse, relayState);
await Context.SignOutAsync(Options.SignOutScheme, new AuthenticationProperties());
Context.Response.Redirect(url, true);
return(true);
}
//sp initiated logout
var properties = await _sessionStore.LoadAsync <AuthenticationProperties>() ?? new AuthenticationProperties();
properties.Items.TryGetValue(LogoutRequestIdKey, out var initialLogoutRequestId);
if (!_samlService.IsLogoutResponseValid(uri, initialLogoutRequestId))
{
return(false);
}
await Context.SignOutAsync(Options.SignOutScheme, properties);
await _sessionStore.RemoveAsync <AuthenticationProperties>();
var redirectUrl = GetRedirectUrl(properties);
_logger.LogDebug($"Method={nameof(HandleSignOut)}. Received and handled sp initiated logout response. Redirecting to {redirectUrl}");
Context.Response.Redirect(redirectUrl, true);
return(true);
}
private async Task <bool> HandleSignOut()
{
if (!Request.Path.Value.EndsWith(ServiceProviderConfiguration.SingleLogoutServiceUrl, StringComparison.OrdinalIgnoreCase) ||
!Request.Path.Value.EndsWith(ServiceProviderConfiguration.SingleLogoutResponseServiceUrl, StringComparison.OrdinalIgnoreCase) ||
!_httpRedirectBinding.IsValid())
{
return(false);
}
_logger.LogDebug($"Entering {nameof(HandleSignOut)}");
// idp initiated logout. TODO: BUG:Context.User and cookies are not populated
if (_httpRedirectBinding.IsLogoutRequest())
{
var logoutResponseUrl = await _authenticationProvider.ReceiveIdpInitiatedLogoutRequest(Options.IdentityProviderName);
await Context.SignOutAsync(Options.SignOutScheme, new AuthenticationProperties());
Context.Response.Redirect(logoutResponseUrl);
return(true);
}
// sp initiated logout
var properties = await _sessionStore.LoadAsync <AuthenticationProperties>() ?? new AuthenticationProperties();
properties.Items.TryGetValue(LogoutRequestIdKey, out var initialLogoutRequestId);
properties.Items.TryGetValue(nameof(Options.SignOutScheme), out var signOutScheme);
if (!await _authenticationProvider.ReceiveSpInitiatedLogoutResponse(Options.IdentityProviderName, initialLogoutRequestId))
{
return(false);
}
await Context.SignOutAsync(signOutScheme, properties);
await _sessionStore.RemoveAsync <AuthenticationProperties>();
var redirectUrl = GetRedirectUrl(properties);
_logger.LogDebug($"Method={nameof(HandleSignOut)}. Received and handled sp initiated logout response. Redirecting to {redirectUrl}");
Context.Response.Redirect(redirectUrl);
return(true);
}
