I have Identity Server 4 running OK, performing local authentication for an MVC app, and it works fine. I needed to add support for an external IDP too, so I followed the instructions in the documentation and based it on the quickstart code. So it's currently configured to use the demo IDP at https://demo.identityserver.io as an external IDP and works fine for login - the user gets redirected to the external IDP to enter their details, my auth server gets back an id_token with the user id (subject), which I match to a user in our own user repository. Our auth server then continues the login as normal, issuing its own tokens etc. - so all fine so far.
The problem I have is sign-out from the external IDP - if a user signs out from the demo.identityserver.io IDP directly, I need to ensure this filters back to clear up the stored authentication cookies, thus requiring the user to sign in again if they attempt to access a protected page in the app.
This works OK if the user logs out of our own ID Server (i.e. the logout page presented by the ID Server has built-in iframes that ensure the MVC app gets tidied up). For the external IDP I would expect a similar thing, but can't see anything.
Here's the startup config registering the external IDP within our local IDP startup.
.AddOpenIdConnect("Ext_oidc", "Ext OpenID Connect", options =>
{
    // Temporary cookie holding the external identity until the callback maps it to a local user
    options.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme;
    // Scheme the handler signs out of when the external IDP sends a front-channel sign-out
    options.SignOutScheme = IdentityServerConstants.SignoutScheme;
    options.Authority = "https://demo.identityserver.io/";
    options.ClientId = "implicit";
    options.ResponseType = "id_token";
    options.TokenValidationParameters = new TokenValidationParameters
    {
        NameClaimType = "name",
        RoleClaimType = "role"
    };
});
Any suggestions would be gratefully received.
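The front-channel sign-out path that the ASP.NET Core OpenID Connect handler already supports, shown as an added example rather than the poster's code or anything from the IdentityServer project. It assumes a hypothetical Startup for the local IdentityServer4 host, that the client registered at the external IDP has a frontchannel_logout_uri pointing at https://<local-idsrv>/signout-oidc (something only the operator of the external IDP can set up), and that the quickstart's external-login callback copies the external `sid` claim into the local principal, as the quickstart ExternalController does:

```csharp
using System.Threading.Tasks;
using IdentityServer4;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Tokens;

// Hypothetical Startup for the local IdentityServer4 host (added example, not the poster's code).
public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddIdentityServer()
            .AddDeveloperSigningCredential();
        // ... clients, resources and users as in the quickstart

        services.AddAuthentication()
            .AddOpenIdConnect("Ext_oidc", "Ext OpenID Connect", options =>
            {
                options.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme;
                // The cookie the handler clears when the external IDP signs the user out.
                options.SignOutScheme = IdentityServerConstants.SignoutScheme;
                options.Authority = "https://demo.identityserver.io/";
                options.ClientId = "implicit";
                options.ResponseType = "id_token";

                // Keep the id_token so it can be sent as id_token_hint if this server
                // ever initiates logout at the external IDP itself.
                options.SaveTokens = true;

                // Front-channel logout endpoint (this is also the handler's default). The external
                // IDP's logout page loads it in an <iframe> as /signout-oidc?iss=...&sid=... .
                // Assumption: the client registration at the external IDP names this URL as its
                // frontchannel_logout_uri; without that nothing ever calls it.
                options.RemoteSignOutPath = "/signout-oidc";
                // Where the external IDP sends the browser back after an RP-initiated logout.
                options.SignedOutCallbackPath = "/signout-callback-oidc";

                options.TokenValidationParameters = new TokenValidationParameters
                {
                    NameClaimType = "name",
                    RoleClaimType = "role"
                };

                options.Events = new OpenIdConnectEvents
                {
                    // Runs before the handler's own iss/sid validation and its
                    // SignOutAsync(SignOutScheme). Hardening: refuse a sign-out request that
                    // carries no session id, so an unsolicited GET /signout-oidc cannot log the
                    // user out of the local auth server (the handler would otherwise skip the
                    // sid comparison and sign out anyway).
                    OnRemoteSignOut = ctx =>
                    {
                        if (string.IsNullOrEmpty(ctx.ProtocolMessage?.Sid))
                        {
                            ctx.Response.StatusCode = 400;
                            ctx.HandleResponse();
                        }
                        return Task.CompletedTask;
                    }
                };
            });
    }
}
```

With this in place the flow is: the user logs out at the external IDP, its logged-out page renders an iframe to the local server's /signout-oidc with iss and sid, the handler authenticates the SignOutScheme cookie, compares the `sid` parameter with the `sid` claim stored in that principal, and on a match signs out the "idsrv" cookie. Three caveats a practitioner should check: the iframe request is cross-site, so the idsrv cookie must be issued with SameSite=None; Secure or the browser will not send it and the handler finds no session; the shared "implicit" client on the public demo IDP is not under the poster's control, so its frontchannel_logout_uri cannot be pointed at a private host and a client registration the poster owns is needed for this to fire at all; and clearing the idsrv cookie ends the local session but does not by itself notify the downstream MVC app, whose cookie is only tidied up when the local IdentityServer runs its own logout page with the iframes the poster already saw.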