Identity server single sign out, logout from server too

Question

Here is my logout code that I use in relying party:

    FederationConfiguration cfg = FederatedAuthentication.FederationConfiguration;
    var fam = FederatedAuthentication.WSFederationAuthenticationModule;
    fam.SignOut(false);
    var signOutRequestMessage = new SignOutRequestMessage(new Uri(fam.Issuer), fam.Realm);
    return new RedirectResult(signOutRequestMessage.WriteQueryString());

And get logout from RP and redirected to Identity server "Signed out" page, but I still remain logged in at Identity server, is this expected behaviour? How can I change this so I get logged out from Identity server also?

Answer 1

I've modified HRDController:

 private ActionResult ShowSignOutPage(string returnUrl)
 {
   ....
   FederatedAuthentication.SessionAuthenticationModule.DeleteSessionTokenCookie(); //added this
   return View("Signout", realms);
 }

Answer 2

It depends how the IdentityServer is doing authentication. If it's cookie based, then you should be logged out but if it's using something like integrated windows auth, then you're going to get automatically logged back in.