Orchardcore: [Question]How to use logout like in SSO in all the Tenants?

Created on 7 May 2019 · 3Comments · Source: OrchardCMS/OrchardCore

I'm trying to create an SSO configuration on Orchard where the Default tenant is the Identity Provider using OpenId and use child tenants as Relying Parties .This way I can log a user in any tenant and this one be logged in the others aswell using an OpenId Application as ExternalLogin.

I can acomplish this creating an Application on Default Tenant with an Application with implicit flow and Redirect Uris pointing to child tenants. Then I create OpenId clients in the other tenants with the proper CallbackPath(/connect/token).

What I'm unable to acomplish is that when I log off in any tenant also make the user to signout in the other tenants aswell. I used "/connect/logout" as SignedOut CallbackPath on the child tenants but this callback isn't getting called when I sign out using the log off button from the menu. I tried to call /connect/logout from browser aswell but there request.PostLogoutRedirectUri is null and isn't getting called on the other tenants.

Am I doing something wrong on the configuration or the urls that I need to call? Is any code to needed to make this work?

Thanks in advance for the help.

OpenId question

Source

jardg

All 3 comments

/cc @PinpointTownes

sebastienros on 10 May 2019

👍1

SSO is currently not supported, for a few reasons:

The demand is fairly low.
Both the front-channel and back-channel logout specs are still drafts that haven't been officially adopted yet (which doesn't make much sense to me, TBH).
It would require introducing the concept of "session" to track all the client applications that sent an authorization request after the user was authenticated at the OP. It's not complicated, but it requires some thoughts about how to implement that (specially in OC, whose OpenID and Users features are separate).