Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
/signout-oidc endpoint on ASP.NET WebForms client
See original GitHub issueI have an IdentityServer4 provider and I’m trying to connect an ASP.NET WebForms 4.5.2 client using OpenIdConnect 3.0.1. Everything works fine but I’m having a problem with /signout-oidc endpoints on the WebForms client: it doesn’t seem to exist. I’m getting 404 error. Interestingly, /signin-oidc does exist. I’m using same configuration for an ASP.NET Core client with the same OpenIdConnect 3.0.1 version and /signout-oidc does work there. Am I doing something wrong?
Here’s the /connect/endsession/callback and /signout-oidc log from logout process using Fiddler:
GET /connect/endsession/callback?sid=5f5617803ca616c7cb247d2d30f178af&logoutId=1ea004139be63cfd7d088ef6ea1483be HTTP/1.1
HTTP/1.1 200 OK
Date: Mon, 03 Apr 2017 08:08:53 GMT
Content-Type: text/html; charset=UTF-8
Server: Kestrel
Cache-Control: no-store, no-cache, max-age=0
Pragma: no-cache
Set-Cookie: idsrv.ClientSessions.5f5617803ca616c7cb247d2d30f178af=.; expires=Sun, 03 Apr 2016 08:08:53 GMT; path=/; httponly
Set-Cookie: LogoutMessage.1ea004139be63cfd7d088ef6ea1483be=.; expires=Sun, 03 Apr 2016 08:08:53 GMT; path=/; httponly
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline' 'sha256-u+OupXgfekP+x/f6rMdoEAspPCYUtca912isERnoEjY=';frame-src http://localhost:9869
X-Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline' 'sha256-u+OupXgfekP+x/f6rMdoEAspPCYUtca912isERnoEjY=';frame-src http://localhost:9869
Content-Length: 223
<!DOCTYPE html><html><style>iframe{display:none;width:0;height:0;}</style><body><iframe src='http://localhost:9869/signout-oidc?sid=5f5617803ca616c7cb247d2d30f178af&iss=http%3A%2F%2Flocalhost%3A3027'></iframe></body></html>
GET /signout-oidc?sid=5f5617803ca616c7cb247d2d30f178af&iss=http%3A%2F%2Flocalhost%3A3027 HTTP/1.1
HTTP/1.1 404 Not Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/10.0
X-SourceFiles: =?UTF-8?B?RDpcUHJvamVjdHNcS1lTVjNcU291cmNlXElkZW50aXR5LkF1dGhlbnRpY2F0aW9uXFRlc3RzXElkZW50aXR5LkF1dGhlbnRpY2F0aW9uLkNsaWVudC5XZWJGb3Jtc1xzaWdub3V0LW9pZGM=?=
X-Powered-By: ASP.NET
Date: Mon, 03 Apr 2017 08:08:53 GMT
Content-Length: 5089
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>IIS 10.0 Detailed Error - 404.0 - Not Found</title>
...
Issue Analytics
- State:
- Created 6 years ago
- Comments:12 (7 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
@deastr The sign-out standard was still being developed when Katana released.
You primarily need to clear auth cookies and any Session contents.
@selfissued it is not possible to verify the user because no cookie get sent (on different domains then the OP) which allows to identify the user, login out regardless of the sid is a great possibility for a Denial of Service.
@brentschmaltz the feedback i’m looking is a possibility to log the user securely logout. But this seems not possible with OpenId Connect Front Channel Logout.
Sorry, i’m on vacation, so this answer took awhile