IdentityServer / IdentityServer2

[deprecated] Thinktecture IdentityServer is a light-weight security token service built with .NET 4.5, MVC 4, Web API and WCF.

single sign-out multiple applications #834

Closed rathcale closed 6 years ago

rathcale commented 9 years ago

Hi,

I'm using identity server v2 and I have an environment where I use the token stored in the FedAuth cookie between app servers using the same machine key for encryption/decryption of the cookie. My issue is that when I sign off from one application, I need to sign out of all apps and invalidate all of the application sessions.

What I have tried to do, during initial session bring-up in each subsequent app, is call the following URL: https://myidentityserver.mydomain.com/Idsrv/issue/wsfed?wa=wsignin1.0&wtrealm=http%3a%2f%2fmyrealm.com%2f&wctx=https%3a%2f%2fmyapp2.mydomain.com%2f&wreply=https%3a%2f%2fmyapp2.mydomain.com%2f

My hope by calling this was that the identityserver would append the wctx URL in the wsfedsignout cookie. However, this does not happen. The WSFederationController.ProcessWSFederationSignIn method calls FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest which returns a response that has the BaseUri value of the Relying Party Redirect URL, which is part of the identity server configuration.

So, is there any way around this? It appears as if there should be support for single sign-out amongst multiple applications in identityserver v2 by looking at the code.

Thanks for your help in advance.

Cale
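As an added illustration of the behaviour the post describes (example code, not from the issue or from IdentityServer), here is a minimal model of a WS-Federation STS's sign-in/sign-out bookkeeping: the redirect target and the sign-out cookie entry come from the realm's registered configuration, so a `wctx`/`wreply` pointing at a second app under the same realm is not recorded as an extra sign-out target. The relying-party registry and its reply URLs are constructed assumptions; the sample request is the URL from the post.

```python
from urllib.parse import urlparse, parse_qs, urlencode

# Constructed stand-in for the identity server's relying-party configuration
# (realm -> configured reply URL). Both entries are assumptions for this example.
RELYING_PARTIES = {
    "http://myrealm.com/": "https://myapp1.mydomain.com/",
    "http://otherrealm.com/": "https://myapp2.mydomain.com/",
}

def parse_wsfed_request(url):
    """Return the WS-Federation query parameters (wa, wtrealm, wctx, wreply) as a dict."""
    return {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}

def process_signin(url, signout_cookie):
    """Handle wsignin1.0: choose the reply URL from configuration and record the realm.

    signout_cookie is the set of realms signed in during this STS session (the role
    the wsfedsignout cookie plays). Returns (redirect_base, updated_cookie).
    """
    req = parse_wsfed_request(url)
    if req.get("wa") != "wsignin1.0":
        raise ValueError("not a sign-in request")
    realm = req.get("wtrealm")
    if realm not in RELYING_PARTIES:
        raise ValueError(f"unregistered realm: {realm!r}")
    # The response is posted to the configured URL. A client-supplied wreply/wctx
    # elsewhere is not honoured (which also keeps the STS from acting as an open
    # redirector), so it cannot register an additional sign-out target either.
    redirect_base = RELYING_PARTIES[realm]
    return redirect_base, signout_cookie | {realm}

def process_signout(signout_cookie):
    """Handle wsignout1.0: one wsignoutcleanup1.0 URL per realm recorded in the cookie."""
    return [RELYING_PARTIES[realm] + "?" + urlencode({"wa": "wsignoutcleanup1.0"})
            for realm in sorted(signout_cookie)]

# The sign-in URL from the post, used as sample input.
SAMPLE_URL = ("https://myidentityserver.mydomain.com/Idsrv/issue/wsfed?wa=wsignin1.0"
              "&wtrealm=http%3a%2f%2fmyrealm.com%2f&wctx=https%3a%2f%2fmyapp2.mydomain.com%2f"
              "&wreply=https%3a%2f%2fmyapp2.mydomain.com%2f")

if __name__ == "__main__":
    redirect, cookie = process_signin(SAMPLE_URL, set())
    print(redirect, sorted(cookie))   # configured reply URL, not myapp2
    print(process_signout(cookie))    # cleanup URLs only for recorded realms
```

Running it shows that myapp2 never appears in the cookie or the cleanup list, which matches the observation in the post that `wctx` is not appended to the wsfedsignout cookie.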