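/// <summary>
/// Starts sign-out for this scheme: either forwards to the configured
/// <c>ForwardSignOut</c> scheme, or stores a logout request id in a cookie and
/// redirects the browser to the logout request URL.
/// </summary>
/// <param name="properties">
/// The <see cref="AuthenticationProperties" /> for the sign-out. May be <c>null</c>,
/// in which case an empty instance is used. Its <c>redirectUri</c> item is
/// overwritten with <c>Options.SignOutPath</c>.
/// </param>
/// <returns>A task that completes once the redirect (or the forwarded sign-out) has been issued.</returns>
public async Task SignOutAsync(AuthenticationProperties properties)
{
    // Callers may sign out without supplying properties; the original dereferenced
    // the argument unconditionally and failed with a NullReferenceException.
    properties = properties ?? new AuthenticationProperties();
    properties.Items["redirectUri"] = Options.SignOutPath;

    // Hand off to another scheme when sign-out forwarding is configured.
    var target = ResolveTarget(Options.ForwardSignOut);
    if (target != null)
    {
        await Context.SignOutAsync(target, properties);
        return;
    }

    // Load the configuration on first use.
    if (Options.Configuration == null)
    {
        Options.Configuration = await Options.ConfigurationManager.GetConfigurationAsync(Context.RequestAborted);
    }

    // Absolute URL of this application's sign-out endpoint, passed to the logout request.
    string sendSignoutTo = new Uri(new Uri(CurrentUri), Options.SignOutPath).AbsoluteUri;

    // Prepare the logout request id and the relay state for the IdP call.
    // The "id" prefix presumably keeps the value a valid XML ID, which may not
    // start with a digit (confirm against the request builder).
    string logoutRequestId = "id" + Guid.NewGuid().ToString("N");
    GenerateCorrelationId(properties);
    string relayState = Options.StateDataFormat.Protect(properties);

    // Clean up request-id cookies left over from earlier requests.
    CookieOptions deleteCookieOptions = Options.RequestCookieId.Build(Context, Clock.UtcNow);
    Response.DeleteAllRequestIdCookies(Context.Request, deleteCookieOptions);

    // Store the new request id in a cookie whose name is derived from the relay state.
    // NOTE(review): this writes a per-request value into Options.RequestCookieId. If
    // Options is shared between requests (confirm), concurrent sign-outs can race on
    // the cookie name; a local variable would avoid that if nothing else reads
    // Options.RequestCookieId.Name afterwards.
    Options.RequestCookieId.Name = Options.AuthenticationScheme + Options.SignOutPath + relayState;
    Response.Cookies.Append(Options.RequestCookieId.Name, logoutRequestId, Options.RequestCookieId.Build(Context));

    // Without a certificate no logout request is created and the user is sent to the site root.
    string logoutRequest = "/";
    if (Options.hasCertificate)
    {
        // NOTE(review): FindFirst(...) returns null when the principal has no session
        // index claim, and Identity may be null for an anonymous user; either case
        // fails here with a NullReferenceException after the cookies above were
        // already written. Confirm whether CreateLogoutRequest accepts a missing
        // session index before relaxing this.
        logoutRequest = _saml2Service.CreateLogoutRequest(
            Options,
            logoutRequestId,
            Context.User.FindFirst(Saml2ClaimTypes.SessionIndex).Value,
            Context.User.Identity.Name,
            relayState,
            sendSignoutTo);
    }

    // Send the browser to the IdP with a temporary (302) redirect. The original used a
    // permanent (301) redirect, which browsers may cache: later sign-outs could then
    // skip this handler and replay a stale request id and relay state.
    Response.Redirect(logoutRequest);
}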