在 ADFS 服务器上注册以下扩展侦听器（一个 IHttpModule）即可实现自定义的 SAML SingleLogout。注意：下面的代码清单并不完整，IsSamlLogoutRequest 方法在结尾处被截断，其中对 LogoutRequest 的解析与校验逻辑未在此展示：
using System;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.IdentityServer.Web;
using Microsoft.IdentityServer.Web.Authentication.External;
internal class CustomSamlLogoutListener : IHttpModule
{
private const string SamlLogoutRequestType = "urn:oasis:names:tc:SAML:2.0:logoutRequest";
private const string SamlLogoutResponseType = "urn:oasis:names:tc:SAML:2.0:logoutResponse";
public static Task OnEndRequest(object sender, EventArgs e)
{
var httpApplication = (HttpApplication)sender;
var httpContext = httpApplication.Context;
var response = httpContext.Response;
var request = httpContext.Request;
var correlationId = Guid.NewGuid().ToString();
SamlLogoutContext samlLogoutContext;
if (response.StatusCode == 401 && response.Cookies["MSISAuthenticated"] != null)
{
var sessionIndex = response.Cookies["MSISAuthenticated"].Value.Split('=').LastOrDefault();
if (IsSamlLogoutRequest(request, out samlLogoutContext))
{
var samlLogoutResponse = SamlProtocolUtils.CreateSamlXmlString(new SamlLogoutResponse
{
InResponseTo = samlLogoutContext.LogoutRequest.Id,
Destination = samlLogoutContext.LogoutRequest.Issuer.Value,
StatusCode = new StatusCode { Value = SamlConstants.Statuses.Success },
Issuer = new Issuer { Value = httpContext.GetIdentityServerIssuerUri() }
});
var signOnCookie = response.Cookies[WSFederationConstants.CookieName];
signOnCookie.Expires = DateTime.Now.AddDays(-1);
response.Cookies.Add(signOnCookie);
response.Write(samlLogoutResponse);
response.ContentType = "text/xml";
return Task.FromResult(0);
}
}
return Task.FromResult(0);
}
private static bool IsSamlLogoutRequest(HttpRequest request, out SamlLogoutContext samlLogoutContext)
{
samlLogoutContext = null;
if (request.RequestType.ToUpper() == "POST")
{
var xml