
I see there are 3 methods for logout, and the order in which they are called is below. I need to understand how Logout and SingleLogout are different, because the entire code of Logout is repeated again in SingleLogout.

logout singlelogout loggedout

The problem is when I try to log out. First it calls the Logout method, which executes successfully. Later it calls the SingleLogout method, in which it tries to validate the certificate and fails. When it logs in, there is no issue with the certificate; I am not sure why a certificate issue arises when logging out.

The below line 61 returns true when logging in and returns false when logging out. File: Saml2SignedXML. Method: CheckSignature. Line 61: return CheckSignature(Saml2Signer.Certificate, true);

Also, there is another issue: in the Logout method, User.Identity.IsAuthenticated is returning false. I am not sure what the cause is.

Anders Revsgaard
Jack Sp

1 Answer


The Logout endpoint is for the application (relying party) itself to do logout. The logout calls the IdP with a logout request and expects a logout response back on the LoggedOut endpoint.

The SingleLogout endpoint is used by the IdP if another relying party starts the logout sequence. The IdP calls your application with a logout request and expects a logout response back.

I hope that makes sense. I do not know why your application calls both the Logout and SingleLogout endpoints.

Anders Revsgaard
  • I will try that out. I had a follow-up question on that. I see in metadatacontroller we have SingleLogoutServices and then SingleLogoutDestination in the appsettings. How are these two different? – Jack Sp Jun 19 '20 at 13:55
  • The metadata SingleLogoutService contains information on both the SingleLogout and LoggedOut endpoints on your application. The SingleLogoutDestination is the SingleLogout endpoint, probably on the IdP. The SAML 2.0 standard allows the two functions to be handled in one endpoint or in separate endpoints, like in the sample. The ITfoxtec Identity SAML2 package supports both cases. – Anders Revsgaard Jun 22 '20 at 08:12
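
An added example, not part of the original thread and not ITfoxtec code: a protocol-level sketch of how a single combined logout endpoint can tell the two roles described above apart, by whether the HTTP-POST binding form carries a LogoutRequest (the SingleLogout role) or a LogoutResponse answering the application's own request (the LoggedOut role). The function names, the pending_request_id parameter and the sample messages are assumptions constructed for illustration.

```python
import base64
import binascii
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"

def classify_logout_post(form, pending_request_id=None):
    """Return 'SingleLogout', 'LoggedOut' or 'reject' for a POST-binding form.

    Routing only: the message signature must still be validated before
    the session is touched or a response is sent.
    """
    has_request = "SAMLRequest" in form
    has_response = "SAMLResponse" in form
    if has_request == has_response:            # neither field, or both
        return "reject"
    field, expected_root = (("SAMLRequest", "LogoutRequest") if has_request
                            else ("SAMLResponse", "LogoutResponse"))
    try:
        xml = base64.b64decode(form[field], validate=True)
    except (binascii.Error, ValueError):
        return "reject"
    if b"<!DOCTYPE" in xml:                    # SAML messages carry no DTD
        return "reject"
    try:
        root = ET.fromstring(xml)
    except ET.ParseError:
        return "reject"
    if root.tag != "{%s}%s" % (SAMLP, expected_root):
        return "reject"                        # root element must match the field
    if has_request:
        # The IdP is relaying a logout started by another relying party.
        return "SingleLogout"
    # A response must answer the LogoutRequest this application sent from Logout.
    if pending_request_id is None or root.get("InResponseTo") != pending_request_id:
        return "reject"
    return "LoggedOut"

def encode_sample(root_name, attrs=""):
    """Build a constructed, unsigned sample message (not captured traffic)."""
    xml = '<samlp:%s xmlns:samlp="%s" ID="_constructed-1" Version="2.0" %s/>' % (
        root_name, SAMLP, attrs)
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    print(classify_logout_post({"SAMLRequest": encode_sample("LogoutRequest")}))
    print(classify_logout_post(
        {"SAMLResponse": encode_sample("LogoutResponse", 'InResponseTo="_sent-1"')},
        pending_request_id="_sent-1"))
```
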