/// <summary>
/// Signout behavior.
/// </summary>
/// <param name="properties">The <see cref="T:Microsoft.AspNetCore.Authentication.AuthenticationProperties" /> that contains the extra meta-data arriving with the authentication.</param>
/// <returns>
/// A task.
/// </returns>
public async Task SignOutAsync(AuthenticationProperties properties)
{
properties.Items["redirectUri"] = Options.SignOutPath;
var target = ResolveTarget(Options.ForwardSignOut);
if (target != null)
{
await Context.SignOutAsync(target, properties);
return;
}
if (Options.Configuration == null)
{
Options.Configuration = await Options.ConfigurationManager.GetConfigurationAsync(Context.RequestAborted);
}
string sendSignoutTo = new Uri(new Uri(CurrentUri), Options.SignOutPath).AbsoluteUri;
//prepare AuthnRequest ID, assertion Url and Relay State to prepare for Idp call
string logoutRequestId = "id" + Guid.NewGuid().ToString("N");
GenerateCorrelationId(properties);
string relayState = Options.StateDataFormat.Protect(properties);
//cleanup and remove existing cookies
CookieOptions deleteCookieOptions = Options.RequestCookieId.Build(Context, Clock.UtcNow);
Response.DeleteAllRequestIdCookies(Context.Request, deleteCookieOptions);
//create and append new response cookie
Options.RequestCookieId.Name = Options.AuthenticationScheme + Options.SignOutPath + relayState;
Response.Cookies.Append(Options.RequestCookieId.Name, logoutRequestId, Options.RequestCookieId.Build(Context));
string logoutRequest = "/";
if (Options.hasCertificate)
{
//create logoutrequest call
logoutRequest = _saml2Service.CreateLogoutRequest(Options, logoutRequestId, Context.User.FindFirst(Saml2ClaimTypes.SessionIndex).Value, Context.User.Identity.Name, relayState, sendSignoutTo);
}
//call idp
Response.Redirect(logoutRequest, true);
}
