dotnet core openidconnect broken Single Logout (SLO)
So I set up a brand new MVC dotnet core app. No security. Then I added OpenID Connect security in the startup like so:

    // This method gets called by the runtime. Use this method to add services to the container.
    public void ConfigureServices(IServiceCollection services)
    {
        var clientId = Configuration["clientID"];
        var metadataAddress = Configuration["MetadataAddress"];
        var Wtrealm = Configuration["Wtrealm"];
        string signedOutCallbackPath = Configuration["SignedOutCallbackPath"];
        string postLogoutUrl = Configuration["postLogoutUrl"];

        services.AddAuthentication(options =>
            {
                options.DefaultScheme = "Cookies";
                options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
            })
            .AddCookie("Cookies")
            .AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, options =>
            {
                options.SaveTokens = true;
                options.ClientId = clientId;
                options.Authority = metadataAddress;
                // Path the OpenID Connect handler listens on after the IdP signs the user out.
                options.SignedOutCallbackPath = signedOutCallbackPath;
                options.Scope.Add("openid");
                options.Scope.Add("profile");
                options.Scope.Add("email");
                options.TokenValidationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters
                {
                    NameClaimType = "name",
                    RoleClaimType = "role",
                };
            });

        services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_2);
    }

    // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
    public void Configure(IApplicationBuilder app, IHostingEnvironment env)
    {
        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
        }
        else
        {
            app.UseExceptionHandler("/Home/Error");
            // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
            app.UseHsts();
        }

        app.UseHttpsRedirection();
        app.UseStaticFiles();
        app.UseCookiePolicy();
        // Authentication runs before MVC, so its handlers see each request first.
        app.UseAuthentication();

        app.UseMvc(routes =>
        {
            routes.MapRoute(
                name: "default",
                template: "{controller=Home}/{action=Index}/{id?}");
        });
    }

This works for login.
Then I added

    public async Task<IActionResult> Logout(string callBack)
    {
        // Signs out of the local cookie scheme and of the OpenID Connect scheme.
        return SignOut("Cookies", OpenIdConnectDefaults.AuthenticationScheme);
    }

    public async Task<IActionResult> LogoutComplete()
    {
        return View();
    }

Logout to initiate logout and logout to handle the clean up after logout is completed. Logout works for my app. Then it redirects to the IdP to log out. It works fine, then it redirects the browser to LogoutComplete. This is where the weirdness starts: LogoutComplete returns a 302 into the home controller but I don't know why. It never hits the debug point in the method. It does not return the view it is designed to return. This method works fine (returns its own view) when the OpenIdConnect middleware is not enabled.

Why is this happening? How is this even possible? Why would the middleware hijack LogoutComplete? Is this in the spec? The OpenID provider was set up in ADFS 2016 and another one in ID Server 4. In both cases the application behaved the same. So I am sure this is not a provider configuration/IdP server issue.
.net core openid-connect
asked Mar 7 at 17:47 by Juxhin
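
Added example, not part of the original question and not the asker's code: a sign-out setup for the middleware configured above, showing why a request to `SignedOutCallbackPath` never reaches a controller action. It assumes the `SignedOutCallbackPath` setting held the same path as the `LogoutComplete` action (the post does not show the value); `OidcLogoutSetup`, `AddOidcWithLogout` and the literal paths are illustrative names.

```csharp
// Added example. Assumption: the "SignedOutCallbackPath" config value in the
// question was the route of the MVC action, e.g. "/Home/LogoutComplete".
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.DependencyInjection;

public static class OidcLogoutSetup // hypothetical helper
{
    public static void AddOidcWithLogout(IServiceCollection services, string authority, string clientId)
    {
        services.AddAuthentication(options =>
            {
                options.DefaultScheme = "Cookies";
                options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
            })
            .AddCookie("Cookies")
            .AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, options =>
            {
                options.Authority = authority;
                options.ClientId = clientId;

                // Path owned by the OpenID Connect handler. The handler answers
                // requests to it itself (reads the state, then issues a 302), so an
                // MVC action mapped to the same path never runs. This is the URL
                // sent to the IdP as post_logout_redirect_uri.
                options.SignedOutCallbackPath = "/signout-callback-oidc"; // framework default

                // Target of the handler's 302 when the sign-out call supplied no
                // RedirectUri. The framework default is "/".
                options.SignedOutRedirectUri = "/Home/LogoutComplete";
            });
    }
}

public class HomeController : Controller
{
    public IActionResult Logout()
    {
        // Clears the local cookie, then redirects to the IdP's end-session endpoint.
        // RedirectUri travels in the protected state parameter and is used by the
        // handler once it has processed the request to SignedOutCallbackPath.
        var props = new AuthenticationProperties { RedirectUri = Url.Action(nameof(LogoutComplete)) };
        return SignOut(props, "Cookies", OpenIdConnectDefaults.AuthenticationScheme);
    }

    // Reached only through the handler's final redirect, never directly from the IdP.
    public IActionResult LogoutComplete() => View();
}
```

With this split, the IdP's registered post-logout redirect URI is the handler path, and the confirmation view is a separate application route.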