Identity Server 4 - federated logout of Google when used as an IdP


Question

I have Google configured as an external identity provider. How do I configure IdentityServer to also log out of this external identity provider as well as all my client applications?

FYI, the client application sign-out is already working. Just want to log the user out of Google as well.

Recommended answer

Answer

Google doesn't support it: "Signout for Google External Identity Provider isn't working"

Background information:

When a user is signing out of IdentityServer, and they have used an external identity provider to sign in, then it is likely that they should be redirected to also sign out of the external provider. Not all external providers support sign-out, as it depends on the protocol and features they support.

To detect that a user must be redirected to an external identity provider for sign-out is typically done by using an idp claim issued into the cookie at IdentityServer. The value set into this claim is the AuthenticationScheme of the corresponding authentication middleware. At sign-out time this claim is consulted to know if an external sign-out is required.

[HttpPost]
[ValidateAntiForgeryToken]
public async Task<IActionResult> Logout(LogoutInputModel model)
{
    // build a model so the logged out page knows what to display
    var vm = await _account.BuildLoggedOutViewModelAsync(model.LogoutId);

    var user = HttpContext.User;
    if (user?.Identity.IsAuthenticated == true)
    {
        // delete local authentication cookie
        await HttpContext.SignOutAsync();

        // raise the logout event
        await _events.RaiseAsync(new UserLogoutSuccessEvent(user.GetSubjectId(), user.GetName()));
    }

    // check if we need to trigger sign-out at an upstream identity provider
    if (vm.TriggerExternalSignout)
    {
        // build a return URL so the upstream provider will redirect back
        // to us after the user has logged out. this allows us to then
        // complete our single sign-out processing.
        string url = Url.Action("Logout", new { logoutId = vm.LogoutId });

        // this triggers a redirect to the external provider for sign-out
        return SignOut(new AuthenticationProperties { RedirectUri = url }, vm.ExternalAuthenticationScheme);
    }

    return View("LoggedOut", vm);
}

Directly from the documentation: Sign-out of External Identity Providers
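One way to implement the idp claim check described in the answer, using ASP.NET Core's authentication abstractions. This is an added example, not code from the answer or from IdentityServer; the class and method names are hypothetical, and the claim type "idp" and value "local" are assumed to be IdentityServer's defaults.

```csharp
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;

// Hypothetical helper; the names are assumptions, not IdentityServer API.
public static class ExternalSignOutCheck
{
    // Claim type IdentityServer issues into its cookie, and the value
    // it uses when the user signed in with a local account.
    private const string IdpClaimType = "idp";
    private const string LocalIdp = "local";

    // Returns the authentication scheme to redirect to for upstream
    // sign-out, or null when no external sign-out is possible.
    public static async Task<string> GetExternalSignOutSchemeAsync(HttpContext context)
    {
        ClaimsPrincipal user = context.User;
        if (user?.Identity?.IsAuthenticated != true)
        {
            return null; // nobody is signed in, nothing to federate
        }

        // The idp claim holds the AuthenticationScheme used at sign-in.
        string idp = user.FindFirst(IdpClaimType)?.Value;
        if (string.IsNullOrEmpty(idp) || idp == LocalIdp)
        {
            return null; // local login: only the local cookie must go
        }

        // Resolve the handler registered for that scheme and check
        // whether it implements sign-out at all. Calling SignOut on a
        // handler that does not would fail instead of redirecting.
        var handlers = context.RequestServices
            .GetRequiredService<IAuthenticationHandlerProvider>();
        IAuthenticationHandler handler =
            await handlers.GetHandlerAsync(context, idp);

        return handler is IAuthenticationSignOutHandler ? idp : null;
    }
}
```

For an OAuth2-based handler such as Google's, which does not implement IAuthenticationSignOutHandler, this returns null, so the Logout action above skips the external redirect and only the IdentityServer session and client sessions end; the user's Google session stays active.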
