ensure we call signout on user service for federated signout

IdentityServer · Nov 23, 2015 · f7856c1 · f7856c1
1 parent 6678528
commit f7856c1
Show file tree

Hide file tree

Showing 3 changed files with 33 additions and 13 deletions.
diff --git a/source/Core/Endpoints/AuthenticationController.cs b/source/Core/Endpoints/AuthenticationController.cs
@@ -604,21 +604,17 @@ public async Task<IHttpActionResult> Logout(string id = null)
             context.QueueRemovalOfSignOutMessageCookie(id);
             context.ClearAuthenticationCookies();
             context.SignOutOfExternalIdP();
-
-            if (user != null && user.Identity.IsAuthenticated)
-            {
-                var message = signOutMessageCookie.Read(id);
-                var signOutContext = new SignOutContext
-                {
-                    Subject = user
-                };
 
-                if (message != null)
-                {
-                    signOutContext.ClientId = message.ClientId;
-                }
+            string clientId = null;
+            var message = signOutMessageCookie.Read(id);
+            if (message != null)
+            {
+                clientId = message.ClientId;
+            }
+            await context.CallUserServiceSignOutAsync(clientId);
 
-                await this.userService.SignOutAsync(signOutContext);
+            if (user != null && user.Identity.IsAuthenticated)
+            {
                 await eventService.RaiseLogoutEventAsync(user, id, message);
             }
 

diff --git a/source/Core/Extensions/InternalOwinExtensions.cs b/source/Core/Extensions/InternalOwinExtensions.cs
@@ -19,6 +19,7 @@
 using IdentityServer3.Core.Configuration;
 using IdentityServer3.Core.Configuration.Hosting;
 using IdentityServer3.Core.Models;
+using IdentityServer3.Core.Services;
 using Microsoft.Owin;
 using Microsoft.Owin.Security;
 using System;
@@ -506,5 +507,27 @@ public static void SignOutOfExternalIdP(this IOwinContext context)
                 }
             }
         }
+
+        public static async Task CallUserServiceSignOutAsync(this IOwinContext context, string clientId = null)
+        {
+            if (context == null) throw new ArgumentNullException("context");
+
+            var result = await context.Authentication.AuthenticateAsync(Constants.PrimaryAuthenticationType);
+            if (result != null)
+            {
+                var user = result.Identity;
+                if (user != null && user.IsAuthenticated)
+                {
+                    var signOutContext = new SignOutContext
+                    {
+                        Subject = new ClaimsPrincipal(user),
+                        ClientId = clientId
+                    };
+
+                    var userService = context.ResolveDependency<IUserService>();
+                    await userService.SignOutAsync(signOutContext);
+                }
+            }
+        }
     }
 }
diff --git a/source/Core/Extensions/OwinEnvironmentExtensions.cs b/source/Core/Extensions/OwinEnvironmentExtensions.cs
@@ -644,6 +644,7 @@ public static async Task ProcessFederatedSignoutAsync(this IDictionary<string, o
 
             var context = new OwinContext(env);
             context.ClearAuthenticationCookies();
+            await context.CallUserServiceSignOutAsync();
 
             var sessionCookie = context.ResolveDependency<SessionCookie>();
             var sid = sessionCookie.GetSessionId();