We have an application which provides SSO authentication. Three other applications get authenticated from the SSO application. Once the user is logged into all applications, I initiated an SSO logout. The SSO app sends a logout request to app1, and then app1 responds with a SAML logout response. Once the SSO app receives the SAML logout response, it sends a logout request to app2 and then app3. Sometimes this whole flow works fine and sometimes not. I have seen that when app2/app3/app1 is responding, the SSO application's authentication cookies have disappeared from the browser, so that request becomes unauthenticated for the SSO app and the user is not able to log out from all applications.
Authentication middleware:
using System;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Http;

// Cookie authentication is the default scheme for the SSO app.
services.AddAuthentication(options =>
{
    options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
})
.AddCookie(options =>
{
    options.Cookie.Name = ".federation_user_authentication";
    // SameSite=None so the cookie is sent on cross-site requests (the SAML logout responses posted back by app1/app2/app3).
    options.Cookie.SameSite = SameSiteMode.None;
    options.Cookie.Path = "/";
    options.Cookie.IsEssential = true;
    // Lifetime comes from the ValidFor system parameter (minutes).
    options.ExpireTimeSpan = TimeSpan.FromMinutes(
        Convert.ToDouble(
            systemParamsCollection[nameof(JwtTokenVerificationParameterModel.ValidFor)]));
    // Secure attribute is only set for cloud deployments; locally the cookie is issued over plain HTTP.
    options.Cookie.SecurePolicy = CookieSecurePolicy.None;
    if (Convert.ToBoolean(configuration["IsCloudDeployment"]))
    {
        options.Cookie.SecurePolicy = CookieSecurePolicy.Always; // Cookie/SSO login will not work on localhost, because it is on HTTP
    }
});
Could you let me know what the reason is and why the authentication cookie disappears after 2-3 redirections between the apps?
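One concrete thing to rule out, shown here as an added example rather than code from the question: a cookie marked SameSite=None is only accepted by Chromium-based browsers (Chrome, Edge) when it also carries the Secure attribute. In the registration above, SameSite=None is set unconditionally while Secure is only set when IsCloudDeployment is true, so in any non-cloud environment the browser receives a SameSite=None cookie without Secure and discards it, which looks exactly like the SSO cookie "disappearing" on the cross-site SAML LogoutResponse request. The variant below makes the pairing unconditional. It assumes the SSO app is served over HTTPS everywhere, including locally (ASP.NET Core's dev certificate via `dotnet dev-certs https --trust` covers localhost), and the `validForMinutes` parameter stands in for the `ValidFor` system parameter read in the question.

```csharp
// Added example, not the question author's code: cookie registration with the
// SameSite=None / Secure pairing made unconditional.
// Assumption: the SSO app is reachable over HTTPS in every environment, including localhost.
using System;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;

public static class SsoCookieAuthentication
{
    // validForMinutes: the cookie lifetime, i.e. the value the question reads from
    // systemParamsCollection[nameof(JwtTokenVerificationParameterModel.ValidFor)].
    public static IServiceCollection AddSsoCookieAuthentication(
        this IServiceCollection services, double validForMinutes)
    {
        services.AddAuthentication(options =>
        {
            options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        })
        .AddCookie(options =>
        {
            options.Cookie.Name = ".federation_user_authentication";
            options.Cookie.Path = "/";
            options.Cookie.IsEssential = true;
            // Keep the session cookie out of reach of script on the SSO origin.
            options.Cookie.HttpOnly = true;

            // The SAML LogoutResponse from app1/app2/app3 reaches the SSO app as a
            // cross-site request (POST or redirect binding), so the session cookie
            // must be SameSite=None; Lax would not be sent on a cross-site POST.
            options.Cookie.SameSite = SameSiteMode.None;

            // SameSite=None is only honoured together with Secure. Setting it without
            // Secure produces a cookie Chromium-based browsers drop on receipt, so
            // Secure must not depend on a deployment flag. Serve the SSO app over
            // HTTPS locally instead of relaxing this.
            options.Cookie.SecurePolicy = CookieSecurePolicy.Always;

            options.ExpireTimeSpan = TimeSpan.FromMinutes(validForMinutes);
        });

        return services;
    }
}
```

Registering it from Program.cs is `builder.Services.AddSsoCookieAuthentication(validForMinutes);` with the value read from the same system parameter as before. After the change, confirm in the browser's developer tools (Application > Cookies) that `.federation_user_authentication` is stored with both `Secure` and `SameSite=None`, and that it is still present on the request carrying each SAML LogoutResponse.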