I'm integrating Keycloak into a .NET Framework 4.7.2 MVC project.
My Startup class looks like this:
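/// <summary>
/// OWIN startup class. Registers cookie authentication and the Keycloak
/// middleware, both under the <c>keycloak_auth</c> authentication type.
/// </summary>
public class Startup
{
    // Authentication type shared by the cookie middleware and the Keycloak middleware.
    const string persistentAuthType = "keycloak_auth";

    // Keycloak connection settings, read once from <appSettings>.
    private readonly string keycloakBaseUrl = ConfigurationManager.AppSettings["KeycloakBaseUrl"];
    private readonly string keycloakRealm = ConfigurationManager.AppSettings["KeycloakRealm"];
    private readonly string keycloakClient = ConfigurationManager.AppSettings["KeycloakClient"];

    /// <summary>
    /// Builds the OWIN pipeline: TLS setting, cookie middleware, then Keycloak middleware.
    /// </summary>
    /// <param name="app">The OWIN application builder supplied by the host.</param>
    public void Configuration(IAppBuilder app)
    {
        // Restricts outbound connections made through ServicePointManager to TLS 1.2.
        ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

        // NOTE(review): no cookie hardening options are set here; once the site is
        // HTTPS-only, consider CookieSecure = CookieSecureOption.Always.
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = persistentAuthType
        });
        app.SetDefaultSignInAsAuthenticationType(persistentAuthType);

        app.UseKeycloakAuthentication(new KeycloakAuthenticationOptions
        {
            Realm = keycloakRealm,
            ClientId = keycloakClient,
            KeycloakUrl = keycloakBaseUrl,
            AuthenticationType = persistentAuthType,
            AllowUnsignedTokens = false,

            // Keep signing-key, issuer, audience and refresh-token signature
            // validation enabled. Going by the option names, setting these to
            // true leaves tokens unchecked on exactly the properties that tie
            // them to this realm and this client, which makes rejecting
            // unsigned tokens alone of little value. If one of them has to be
            // relaxed to diagnose a setup problem, relax that one only, and
            // not in production.
            DisableIssuerSigningKeyValidation = false,
            DisableIssuerValidation = false,
            DisableAudienceValidation = false,
            DisableRefreshTokenSignatureValidation = false,

            // Tolerated clock difference between this host and Keycloak.
            TokenClockSkew = TimeSpan.FromSeconds(2)
        });
    }
}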
For the logout, I tried two options:
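/// <summary>
/// Redirects the browser to the Keycloak end-session endpoint, passing the
/// current ID token as <c>id_token_hint</c>.
/// </summary>
/// <remarks>
/// Only the redirect is issued here. Nothing in this action clears the
/// application's own authentication cookie, so the local session outlives
/// the Keycloak one unless it is signed out separately.
/// </remarks>
/// <returns>A redirect to the Keycloak logout URL.</returns>
[Authorize]
public ActionResult KeycloakLogout()
{
    var id_token = GetIDToken();

    // The token is placed in a query string, so percent-encode it rather than
    // relying on its current character set. A null token becomes an empty
    // hint, as it did when formatted directly.
    string keycloakLogoutUrl = String.Format(
        "{0}/realms/{1}/protocol/openid-connect/logout?id_token_hint={2}",
        keycloakBaseUrl,
        keycloakRealm,
        Uri.EscapeDataString(id_token ?? string.Empty));

    return Redirect(keycloakLogoutUrl);
}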
With the example above, I see the Keycloak page saying I am logged out. However, User.Identity.IsAuthenticated is still true.
Then I tried:
/// <summary>
/// Signs the current user out of the <c>keycloak_auth</c> authentication type
/// through OWIN, then redirects to <c>homeurl</c>.
/// </summary>
/// <remarks>
/// The string passed to SignOut matches the authentication type that Startup
/// assigns to both the cookie middleware and the Keycloak middleware.
/// NOTE(review): no ID token is supplied anywhere in this action; check
/// whether that is why Keycloak reports a missing id_token_hint.
/// </remarks>
/// <returns>A redirect to <c>homeurl</c>.</returns>
[Authorize]
public ActionResult KeycloakLogout()
{
    var authenticationManager = HttpContext.GetOwinContext().Authentication;
    authenticationManager.SignOut("keycloak_auth");

    return Redirect("homeurl");
}
In this case, Keycloak shows the error "Missing Parameters: id_token_hint". However, User.Identity.IsAuthenticated is now false.
How do I perform the logout correctly?