dotnet / aspnetcore

ASP.NET Core is a cross-platform .NET framework for building modern cloud-based web applications on Windows, Mac, or Linux.
https://asp.net
MIT License

Is it possible to do Azure AD integrated application sign out only? #17345

Closed bachoang closed 4 years ago

bachoang commented 4 years ago

Describe the bug

A clear and concise description of what the bug is.

To Reproduce

Further technical details

For an application using OpenID Connect OWIN middleware to integrate with Azure AD for SSO, such as https://github.com/Azure-Samples/active-directory-aspnetcore-webapp-openidconnect-v2/tree/master/1-WebApp-OIDC/1-1-MyOrg, is it possible to do application-only sign out but still have a valid session with Azure AD?

From my observation, it looks like ASP.NET maintains an authenticated session cookie by setting the highlighted .AspNetCore.AzureADCookie cookie. In order to perform the application logout, I believe that we have to expire that cookie somehow. I have tried the following but it does not seem to work:

    public string signout()
    {
        SignOut("/", CookieAuthenticationDefaults.AuthenticationScheme);
        return "hello there";
    }

javiercn commented 4 years ago

@bachoang thanks for contacting us.

@Tratcher any thoughts? I don't believe the middleware has the ability to not send the sign out request when SignOutAsync is invoked, does it?

Tratcher commented 4 years ago

Clarification: that sample is using AspNetCore, not OWIN middleware.

Yes, you can sign out of the app cookie; it just uses a different name in this case: https://github.com/aspnet/AspNetCore/blob/88b534726e8855c3a86a751c63b8e317d749b396/src/Azure/AzureAD/Authentication.AzureAD.UI/src/AzureADAuthenticationBuilderExtensions.cs#L85
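
The app-only sign-out described in the comment above, next to a full sign-out for contrast. This is an added example, not code from the thread or from the ASP.NET Core repository. It assumes authentication is registered with AddAzureAD from Microsoft.AspNetCore.Authentication.AzureAD.UI; the controller, action and parameter names are hypothetical.

```csharp
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.AzureAD.UI;
using Microsoft.AspNetCore.Mvc;

// Hypothetical controller: class, action and parameter names are assumptions.
public class SessionController : Controller
{
    // App-only sign-out: deletes the application's own session cookie
    // (.AspNetCore.AzureADCookie) and sends nothing to Azure AD.
    [HttpPost]
    [ValidateAntiForgeryToken]
    public async Task<IActionResult> SignOutLocal(string returnUrl = "/")
    {
        // The AzureAD UI package registers its cookie handler under
        // AzureADDefaults.CookieScheme ("AzureADCookie"), not under
        // CookieAuthenticationDefaults.AuthenticationScheme ("Cookies").
        await HttpContext.SignOutAsync(AzureADDefaults.CookieScheme);

        // Only redirect to paths inside this app, so the sign-out
        // endpoint cannot be used as an open redirect.
        if (!Url.IsLocalUrl(returnUrl))
        {
            returnUrl = "/";
        }
        return LocalRedirect(returnUrl);
    }

    // Full sign-out for contrast: clears the app cookie and also runs the
    // OpenID Connect sign-out against Azure AD.
    [HttpPost]
    [ValidateAntiForgeryToken]
    public IActionResult SignOutEverywhere()
    {
        // The SignOutResult must be returned; the handlers only run
        // when the result is executed.
        return SignOut(
            new AuthenticationProperties { RedirectUri = "/" },
            AzureADDefaults.CookieScheme,
            AzureADDefaults.OpenIdScheme);
    }
}
```

After `SignOutLocal` the Azure AD session is still valid, so the next request to an `[Authorize]` endpoint is challenged and normally signed back in without a prompt. Redirect to an anonymous page if the user should actually see a signed-out state.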

ghost commented 4 years ago

This issue has been resolved and has not had any activity for 1 day. It will be closed for housekeeping purposes.

See our Issue Management Policies for more information.