Question

I am using a custom STS for SP. The site is SAML token enabled with an SSO implementation. The logout is not working properly. How do I implement a custom sign-out? Do I need to clear the SP session or clear cookies?


Solution

I've just tackled this exact task this morning. You'll need your Custom STS to keep track of the sites that are logged in, and in the wsignout1.0 handler, you'll need to go through the list and sign them out.

Full description of this method, a helper class to keep track of the RPs logged into, and code to add to your wsignout handler are all here:

http://netpl.blogspot.co.uk/2010/12/wif-ws-federation-and-single-sign-out.html

I made one modification to the helper class, though: I added a CleanUp method to remove the cookie that keeps track of the RPs once you're signed out:

public static void CleanUp()
{
    HttpCookie siteCookie = HttpContext.Current.Request.Cookies[SITECOOKIENAME];

    if (siteCookie != null)
        HttpContext.Current.Response.Cookies[SITECOOKIENAME].Expires = DateTime.Now.AddDays(-1);
}

And then, at the end of your signout handler, just call it. Here's my signout handler block:

        else if ( action == WSFederationConstants.Actions.SignOut )
        {
            // Process signout request.
            SignOutRequestMessage requestMessage = (SignOutRequestMessage)WSFederationMessage.CreateFromUri( Request.Url );
            FederatedPassiveSecurityTokenServiceOperations.ProcessSignOutRequest( requestMessage, User, requestMessage.Reply, Response );

            string[] signedInUrls = SingleSignOnManager.SignOut();
            lblSignoutText.Visible = true;
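            foreach (string url in signedInUrls)
            {
                // HTML-encode the tracked URL before writing it into markup.
                string safeUrl = HttpUtility.HtmlAttributeEncode(url);
                SignOutLinks.Controls.Add(
                    new LiteralControl(string.Format(
                        "<p><a href=\"{0}\">{0}</a>&nbsp;<img src=\"{0}?wa=wsignoutcleanup1.0\" " +
                        "title=\"Signout request: {0}?wa=wsignoutcleanup1.0\"/></p>", safeUrl)));
            }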

            SingleSignOnManager.CleanUp();
        }

Works like a charm. Remember to create an asp:Label called lblSignoutText and a div called SignOutLinks on your Default.aspx.

The only thing you'll have to figure out yourself is that each SharePoint site's logout link will need to be hidden, and you'll have to create your own signout link which points to:

http://mycustomsts/Default.aspx?wa=wsignout1.0

(I was actually Googling for a clever way of doing this when I came across this question. Hope my answer helps!)
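
An added example, not part of the answer above or of the linked helper class: because the list of signed-in RPs is kept in a cookie, which the browser sends back and can alter, this sketch checks each tracked URL against the relying parties the STS knows before emitting a `wsignoutcleanup1.0` image request. `SignOutCleanupLinks`, `AllowedRps`, `BuildCleanupImages` and the host names are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Web;

public static class SignOutCleanupLinks
{
    // Assumption: scheme + host of every RP this STS issues tokens for (constructed sample values).
    private static readonly HashSet<string> AllowedRps =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        {
            "https://portal.example.test",
            "https://teams.example.test"
        };

    // Returns one <img> tag per tracked URL that belongs to a known RP.
    public static IEnumerable<string> BuildCleanupImages(IEnumerable<string> trackedUrls)
    {
        foreach (string tracked in trackedUrls)
        {
            Uri uri;
            // Drop anything that is not an absolute http(s) URL.
            if (!Uri.TryCreate(tracked, UriKind.Absolute, out uri))
                continue;
            if (uri.Scheme != Uri.UriSchemeHttp && uri.Scheme != Uri.UriSchemeHttps)
                continue;
            // Drop URLs whose scheme and host are not a registered RP.
            if (!AllowedRps.Contains(uri.GetLeftPart(UriPartial.Authority)))
                continue;

            // Append the cleanup action, keeping any query string the RP URL already has.
            UriBuilder builder = new UriBuilder(uri);
            string existing = builder.Query.TrimStart('?');
            builder.Query = existing.Length == 0
                ? "wa=wsignoutcleanup1.0"
                : existing + "&wa=wsignoutcleanup1.0";
            builder.Fragment = string.Empty;

            // Encode for a double-quoted attribute before writing into the page.
            yield return string.Format(
                "<img src=\"{0}\" alt=\"\" />",
                HttpUtility.HtmlAttributeEncode(builder.Uri.AbsoluteUri));
        }
    }
}
```

In the handler above, each returned string could be added to SignOutLinks as a LiteralControl in place of the hand-formatted markup.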

Licensed under: CC-BY-SA with attribution