IdentityServer / IdentityServer3

OpenID Connect Provider and OAuth 2.0 Authorization Server Framework for ASP.NET 4.x/Katana
https://identityserver.github.io/Documentation/
Apache License 2.0

Is wreply (WS-Federation) supported in sign-out? #1141

Closed janih78 closed 9 years ago

janih78 commented 9 years ago

Hi,

Can I send the wreply parameter during sign-out so that it is forwarded to the "loggedOut" view? I'd like to make a "return to application" link visible.

I tried to configure WS-Federation as shown below (using the samples provided):

    app.UseWsFederationAuthentication(new WsFederationAuthenticationOptions
    {
        MetadataAddress = Constants.BaseAddress + "/wsfed/metadata",
        Wtrealm = "urn:owinrp",
        Wreply = "<put return address here>",
        SignInAsAuthenticationType = "Cookies"
    });

OR

    public ActionResult SignOut()
    {
        Request.GetOwinContext().Authentication.SignOut(new AuthenticationProperties
        {
            RedirectUri = "<put return address here>"
        });
        return View();
    }

and then used the CustomViewService sample to verify whether the wreply parameter is accessible in CustomViewService's LoggedOut method. But it's not (LoggedOutViewModel's AutoRedirect is false and RedirectUrl is null). I suppose this post-logout redirect is possible when using OpenID / OAuth2, but I need it for WS-Federation as well.

I'd appreciate it if you could help me with this.

BR, Jani

janih78 commented 9 years ago

Actually, I want to use something like this http://identityserver.github.io/Documentation/docs/endpoints/endSession.html with WS-Federation. Is it possible? And what's the difference between that and this Request.GetOwinContext().Authentication.SignOut()?

BR, Jani

totpero commented 9 years ago

I solved this problem using Wreply = "<put return address here>", but this alone is not enough; you also need to add something like this on the ADFS server -> Relying Party Trusts -> Endpoints: http://serverfault.com/questions/632950/ad-fs-3-0-does-not-redirect-back-to-relying-party

janih78 commented 9 years ago

I'm not using ADFS, but the WS-Federation plugin that comes with Identity Server.

leastprivilege commented 9 years ago

I don't think we support that. Please open an issue describing the feature you want in the ws-fed repo.