IdentityServer / IdentityServer2

[deprecated] Thinktecture IdentityServer is a light-weight security token service built with .NET 4.5, MVC 4, Web API and WCF.

Issue() method in wsfederationcontroller not getting called #798

Closed asanjeevak closed 9 years ago

asanjeevak commented 9 years ago

Hi,

We have IdentityServer V2 and an MVC application as a Relying Party, hosted on IIS. We have set the SSO cookie lifetime to 20 min. There is a specific business requirement on the Relying Party that if the client is idle for 20 min the user must be signed out. We are doing that by forcibly calling the logic below in the Relying Party.

```csharp
// Clear the RP's own session cookie and WIF session state.
var sam = FederatedAuthentication.SessionAuthenticationModule;
sam.DeleteSessionTokenCookie();
sam.SignOut();

// Clear the WS-Federation module state without redirecting yet.
var fam = FederatedAuthentication.WSFederationAuthenticationModule;
fam.SignOut(false);

// Build a wsignout1.0 request addressed to the STS (the configured Issuer).
var signOutRequest = new SignOutRequestMessage(new Uri(fam.Issuer));

// optional -- put your RP's URL here
signOutRequest.Reply = (Request.UrlReferrer.AbsoluteUri.EndsWith("/"))
    ? Request.UrlReferrer.AbsoluteUri
    : string.Format("{0}/", Request.UrlReferrer.AbsoluteUri);

// Send the browser to the STS sign-out endpoint.
var url = signOutRequest.WriteQueryString();
Response.Redirect(url);
```

This logic calls the Issue method in WsFederationController, which triggers the ProcessWSFederationSignOut method and a cookie clean-up.

This works fine, but sometimes, in the specific scenario of an idle timeout at the Relying Party, the Issue method in the WsFederationController class in SSO is not called and the user is shown the login page.

When the user tries to log in again, the Issue method is now called, and since the SignOutRequestMessage from the previous sign-out request is still pending, it gets triggered now and the user is shown the login page again.

Can you help us understand why the Issue method is not called in this specific scenario?

leastprivilege commented 9 years ago

The only reason IdentityServer would show the login page is that the authentication cookie has expired or is not present. That might be the right direction for more investigation.
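
As an added illustration of the flow discussed in the question and in the reply above (example code written for this page, not IdentityServer2's WSFederationController and not the poster's code), here is a minimal hypothetical STS endpoint plus an RP-side idle sign-out action. The STS side dispatches on the WS-Federation `wa` action, processes wsignout1.0 and wsignoutcleanup1.0 for anonymous callers so that an expired SSO cookie cannot turn a sign-out request into a login prompt, and only redirects to a `wreply` that lies under a registered relying-party realm. The RP side performs the same local clean-up as the posted code but uses the configured realm as the reply address instead of `Request.UrlReferrer`, which can be null. The controller names `WsFedEndpointController` and `SessionController`, the `RegisteredRealms` set and the realm `https://rp.example.com/` are assumptions; the `System.IdentityModel.Services` types are the .NET 4.5 WIF APIs the question already uses.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Services;
using System.Linq;
using System.Web.Mvc;

// Hypothetical STS-side WS-Federation endpoint (example; not IdentityServer2's own).
// Sign-out is processed for anonymous callers, so an expired SSO cookie does not
// turn a wsignout1.0 request into a login prompt.
public class WsFedEndpointController : Controller
{
    // Assumed relying-party registry; a real STS reads this from its RP configuration.
    private static readonly HashSet<string> RegisteredRealms =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "https://rp.example.com/" };

    [AllowAnonymous] // overrides any controller- or global-level [Authorize] filter
    public ActionResult Issue()
    {
        // Parses wa / wtrealm / wreply / wctx from the query string into a typed message.
        WSFederationMessage message;
        if (!WSFederationMessage.TryCreateFromUri(Request.Url, out message))
        {
            return new HttpStatusCodeResult(400, "not a WS-Federation request");
        }

        var signOut = message as SignOutRequestMessage;
        if (signOut != null)
        {
            return ProcessSignOut(signOut.Reply);
        }

        if (message is SignOutCleanupRequestMessage)
        {
            return ProcessSignOut(null); // no redirect target to honour
        }

        var signIn = message as SignInRequestMessage;
        if (signIn != null)
        {
            // Only sign-in justifies a login prompt. With the WIF modules configured, the
            // 401 becomes a redirect to the login page and this URL is replayed afterwards.
            if (!User.Identity.IsAuthenticated)
            {
                return new HttpUnauthorizedResult();
            }

            if (!RegisteredRealms.Contains(signIn.Realm))
            {
                return new HttpStatusCodeResult(400, "unknown realm");
            }

            // Token issuance for signIn.Realm belongs here; it is not the subject of the thread.
            return View("Issue", signIn);
        }

        return new HttpStatusCodeResult(400, "unsupported wa");
    }

    private ActionResult ProcessSignOut(string wreply)
    {
        // Drop the STS session cookie whether or not it was still valid: this is the
        // cookie clean-up the question refers to.
        FederatedAuthentication.SessionAuthenticationModule.SignOut();

        // wreply is caller-controlled; redirecting to it unchecked is an open redirect.
        Uri reply;
        if (wreply != null
            && Uri.TryCreate(wreply, UriKind.Absolute, out reply)
            && RegisteredRealms.Any(r => reply.AbsoluteUri.StartsWith(r, StringComparison.OrdinalIgnoreCase)))
        {
            return Redirect(reply.AbsoluteUri);
        }

        return View("SignedOut");
    }
}

// Hypothetical RP-side action for the idle timeout described in the question.
public class SessionController : Controller
{
    [HttpPost]
    [ValidateAntiForgeryToken] // a GET sign-out can be forced by any third-party page
    public ActionResult IdleSignOut()
    {
        var sam = FederatedAuthentication.SessionAuthenticationModule;
        var fam = FederatedAuthentication.WSFederationAuthenticationModule;

        sam.DeleteSessionTokenCookie();
        sam.SignOut();
        fam.SignOut(false); // no redirect yet; the STS round-trip below does that

        // Request.UrlReferrer is null when the timeout request is not sent from a
        // navigated page, so the reply address comes from configuration instead.
        var signOutRequest = new SignOutRequestMessage(new Uri(fam.Issuer))
        {
            Reply = fam.Realm
        };

        return Redirect(signOutRequest.WriteQueryString());
    }
}
```

If the STS sign-out endpoint does require an authenticated user, an expired or missing cookie produces exactly the symptom described in the question: the request is redirected to the login page first, and the pending sign-out URL is replayed once the user has logged in again. Keeping sign-out anonymous, and validating `wreply` against the RP registry, avoids both that round-trip and the open redirect that an unchecked reply address would give an attacker.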