I am using ACS 2.0 in my MVC 4 application.
It is already configured for signing in, and it works for various providers including ADFS. I need to implement sign-out functionality.
As this question is already outdated, I used the code from these samples:
Here is what it looks like:
// Load Identity Configuration
FederationConfiguration config = FederatedAuthentication.FederationConfiguration;
// Get wtrealm from the WsFederationConfiguration section
string wtrealm = config.WsFederationConfiguration.Realm;
string wreply = wtrealm; //return url
// Read the ACS Ws-Federation endpoint from web.Config
string wsFederationEndpoint = ConfigurationManager.AppSettings["ida:Issuer"];
SignOutRequestMessage signoutRequestMessage = new SignOutRequestMessage(new Uri(wsFederationEndpoint));
signoutRequestMessage.Parameters.Add("wreply", wreply);
signoutRequestMessage.Parameters.Add("wtrealm", wtrealm);
FederatedAuthentication.SessionAuthenticationModule.SignOut();
var signoutUrl = signoutRequestMessage.WriteQueryString();
As a result, I get the sign-out URL to which I should redirect; it will dispose of the tokens and send me back. The URL looks like the following:
https://myacsnamespace.accesscontrol.windows.net/v2/wsfederation?wa=wsignout1.0&wreply=http%3a%2f%2flocalhost%3a61192%2f&wtrealm=http%3a%2f%2flocalhost%3a61192%2f
As a result, it works as expected for Google, Yahoo, and Microsoft accounts. When I sign out and try to access the protected area, I get a list of identity providers, and I have to sign in again, even if I choose the same provider.
But when I use the ADFS provider, it works like this:
1. I click sign out and get to the page of available providers
2. I select the ADFS provider again
3. I get to the protected area with my old AD credentials
If I have ADFS as the only provider, step 2 from above is skipped, and I stay constantly signed in without the ability to change the user.
As far as I can see, ACS does not dispose of the security token it got from ADFS, and re-uses it.
Do you have any leads on how I can force ACS to dispose this token?
Thanks in advance!