We Implemented SSO using .Net Core 6, ITfoxtec framework (
CodePudding user response:
To my knowledge, a SAML 2.0 logout in an Azure Enterprise application results in a single logout, including logging out of everything. I have not succeeded in only logging out of one application, I'm afraid.
CodePudding user response:
I came across this, Log a user out of a SP but not IDP, and as @Anders Revsgaard answered, SAML 2.0 does not support logging out only from a specific application. Another approach is to force the IdP to re-authenticate: once the user logs out of our application, delete the user session, which invalidates it; the next time the user tries to access a page he has to re-enter his SSO credentials. We removed binding.Bind(saml2LogoutRequest).ToActionResult(); from the logout method.
using System.Collections.Generic;
using System.Threading.Tasks;
using ITfoxtec.Identity.Saml2;
using ITfoxtec.Identity.Saml2.MvcCore;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Options;

[Route("Auth")]
public class AuthController : Controller
{
    // RelayState key for the return URL and the SAML configuration (registered via DI, as in the ITfoxtec samples).
    const string relayStateReturnUrl = "ReturnUrl";
    private readonly Saml2Configuration config;

    public AuthController(IOptions<Saml2Configuration> configAccessor)
    {
        config = configAccessor.Value;
    }

    [Route("Login")]
    public IActionResult Login(string returnUrl = null)
    {
        var binding = new Saml2RedirectBinding();
        binding.SetRelayStateQuery(new Dictionary<string, string>
        {
            { relayStateReturnUrl, returnUrl ?? Url.Content("~/") }
        });
        // ForceAuthn = true asks the IdP to re-authenticate even if it still holds an SSO session for the user.
        return binding.Bind(new Saml2AuthnRequest(config)
        {
            ForceAuthn = true,
        }).ToActionResult();
    }

    [HttpPost("Logout")]
    [ValidateAntiForgeryToken]
    public async Task<IActionResult> Logout()
    {
        if (!User.Identity.IsAuthenticated)
        {
            return Redirect(Url.Content("~/"));
        }
        // Only the local session is cleared; the LogoutRequest is built but never sent to the IdP.
        await new Saml2LogoutRequest(config, User).DeleteSession(HttpContext);
        return Redirect("~/Logout");
    }
}
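The answer above relies on ForceAuthn="true" in the AuthnRequest, but ForceAuthn is only a request to the IdP: nothing on the SP side stops an IdP from ignoring it and returning an assertion backed by its existing SSO session. The added example below (not code from the question, the answer or the ITfoxtec project) shows the matching check on the AssertionConsumerService side: after the response is unbound and validated, it reads the AuthnInstant of the assertion's AuthnStatement from the Microsoft.IdentityModel SAML2 token model and rejects the login if the authentication is older than a freshness window. The controller name, the 5-minute window, the 1-minute clock-skew allowance and the RelayState key name are assumptions; the response handling follows the ITfoxtec AssertionConsumerService sample.

```csharp
using System;
using System.Linq;
using System.Security.Authentication;
using System.Threading.Tasks;
using ITfoxtec.Identity.Saml2;
using ITfoxtec.Identity.Saml2.MvcCore;
using ITfoxtec.Identity.Saml2.Schemas;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Options;
using Microsoft.IdentityModel.Tokens.Saml2;

// Assumed controller name; hosts the ACS endpoint for the SP that sent ForceAuthn = true.
[Route("Auth")]
public class Saml2AcsController : Controller
{
    const string relayStateReturnUrl = "ReturnUrl"; // assumption: same key the Login action put in RelayState

    // Assumption: an AuthnInstant older than this is treated as "IdP did not re-authenticate".
    // It has to cover the user's round trip to the IdP plus SP/IdP clock skew.
    static readonly TimeSpan MaxAuthnAge = TimeSpan.FromMinutes(5);
    static readonly TimeSpan ClockSkew = TimeSpan.FromMinutes(1);

    private readonly Saml2Configuration config;

    public Saml2AcsController(IOptions<Saml2Configuration> configAccessor)
    {
        config = configAccessor.Value;
    }

    [Route("AssertionConsumerService")]
    public async Task<IActionResult> AssertionConsumerService()
    {
        var binding = new Saml2PostBinding();
        var saml2AuthnResponse = new Saml2AuthnResponse(config);

        binding.ReadSamlResponse(Request.ToGenericHttpRequest(), saml2AuthnResponse);
        if (saml2AuthnResponse.Status != Saml2StatusCodes.Success)
        {
            throw new AuthenticationException($"SAML Response status: {saml2AuthnResponse.Status}");
        }
        // Unbind verifies the signature, conditions and destination of the response.
        binding.Unbind(Request.ToGenericHttpRequest(), saml2AuthnResponse);

        // ForceAuthn cannot be enforced by the SP; this check refuses an assertion that merely
        // reuses an old IdP login instead of a fresh authentication.
        if (!IsFreshAuthentication(saml2AuthnResponse.Saml2SecurityToken.Assertion, DateTime.UtcNow))
        {
            throw new AuthenticationException("IdP did not re-authenticate the user (stale AuthnInstant).");
        }

        await saml2AuthnResponse.CreateSession(HttpContext);

        var relayStateQuery = binding.GetRelayStateQuery();
        var returnUrl = relayStateQuery.TryGetValue(relayStateReturnUrl, out var url) ? url : Url.Content("~/");
        // RelayState is not signed, so only local return URLs are followed.
        return Redirect(Url.IsLocalUrl(returnUrl) ? returnUrl : Url.Content("~/"));
    }

    // True when the assertion has at least one AuthnStatement and every AuthnInstant lies
    // inside the freshness window ending at 'now' (UTC), allowing for a little clock skew.
    internal static bool IsFreshAuthentication(Saml2Assertion assertion, DateTime now)
    {
        var instants = assertion.Statements
            .OfType<Saml2AuthenticationStatement>()
            .Select(s => s.AuthenticationInstant.ToUniversalTime())
            .ToList();
        if (instants.Count == 0)
        {
            return false; // no AuthnStatement: nothing proves an authentication happened at all
        }
        return instants.All(t => t <= now + ClockSkew && now - t <= MaxAuthnAge);
    }
}
```

The window is measured against the SP's own clock rather than a timestamp carried in RelayState, because RelayState travels unsigned through the browser and could be adjusted by the user. If the IdP is known to honour ForceAuthn the check is redundant, but it is cheap and it is what turns "we asked for re-authentication" into "we got it".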