0
votes

I have an ASP.NET Core application that connects to Azure Active Directory. The sign-on works great, but when signing out I want it to happen immediately without having to go through the "Pick an Account" screen in Azure AD.

I've used the sample app (https://github.com/Azure-Samples/active-directory-aspnetcore-webapp-openidconnect-v2) and modified the startup method:

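services.Configure<OpenIdConnectOptions>(AzureADDefaults.OpenIdScheme, options =>
{
    // Switch the authority to the Azure AD v2.0 endpoint
    options.Authority = options.Authority + "/v2.0/";
    // Keep the tokens from the sign-in response in the authentication properties
    options.SaveTokens = true;
});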

I read that SaveTokens should cause id_token_hint to be set on logout (assuming this will bypass the logout screen) but that's not happening.

How do I make the application sign out immediately and not go to Azure's logout screen?

2
Which particular sample did you use in this repository? - TiagoBrenck
@TiagoBrenck I used the aspnetcore2-2 branch (it has a single project) - logix

2 Answers

1
votes

You need to configure this in the OnRedirectToIdentityProviderForSignOut event. Code from the sample active-directory-aspnetcore-webapp-openidconnect-v2:

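// Configure the named Azure AD scheme (the one used in the question); an unnamed
// Configure<OpenIdConnectOptions> call is not applied to that scheme's handler.
services.Configure<OpenIdConnectOptions>(AzureADDefaults.OpenIdScheme, options => {
    options.Events.OnRedirectToIdentityProviderForSignOut = async context =>
    {
       // The hints are taken from the signed-in user's own claims
       var user = context.HttpContext.User;

       // Avoid displaying the select account dialog
       // (GetLoginHint/GetDomainHint are extension methods from the sample project)
       context.ProtocolMessage.LoginHint = user.GetLoginHint();
       context.ProtocolMessage.DomainHint = user.GetDomainHint();
       await Task.FromResult(0);
    };
});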
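The answer's handler calls GetLoginHint() and GetDomainHint(), which are not defined on this page. The block below is an added illustration, not code from the post or from the sample repository: hypothetical stand-ins that derive both hints only from the authenticated user's claims (never from request input) and return null when a claim is missing. The class names and the claim names `preferred_username` and `tid` are assumptions about the v2.0 ID token.

```csharp
using System;
using System.Security.Claims;

// Hypothetical stand-ins for the helper methods the answer calls.
public static class SignOutHintExtensions
{
    // Well-known tenant id Azure AD uses for personal Microsoft accounts.
    private const string MsaTenantId = "9188040d-6c67-4c5b-b112-36a304b66dad";

    // login_hint: the user's sign-in name, or null when the claim is absent.
    public static string GetLoginHint(this ClaimsPrincipal user) =>
        user?.FindFirst("preferred_username")?.Value;

    // domain_hint: "consumers" for personal accounts, "organizations" for
    // work or school accounts, null when no tenant claim is present.
    public static string GetDomainHint(this ClaimsPrincipal user)
    {
        // "tid" can appear under its short name or under the mapped claim type URI.
        var tenantId = user?.FindFirst("tid")?.Value
            ?? user?.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid")?.Value;
        if (string.IsNullOrWhiteSpace(tenantId)) return null;
        return tenantId.Equals(MsaTenantId, StringComparison.OrdinalIgnoreCase)
            ? "consumers"
            : "organizations";
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample principal; the values are not from a real tenant.
        var identity = new ClaimsIdentity(new[]
        {
            new Claim("preferred_username", "alice@contoso.example"),
            new Claim("tid", "00000000-0000-0000-0000-000000000001"),
        }, "demo");
        var user = new ClaimsPrincipal(identity);

        Console.WriteLine(user.GetLoginHint());   // sign-in name from the claim
        Console.WriteLine(user.GetDomainHint());  // work/school tenant branch

        // An unauthenticated principal yields null hints instead of throwing.
        var anonymous = new ClaimsPrincipal(new ClaimsIdentity());
        Console.WriteLine(anonymous.GetLoginHint() == null);
    }
}
```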
0
votes