This comes from a ticket that took like 9 months to resolve, so I'm posting it to save others the hassle :)
The site has a company login that is *just* Google auth, no SF or any other mechanism to get in. The problem was on logout of sitefinity the user was still logged into google. So when they click the sitefinity login button again they don't even get prompted to log into google (since they already are), sitefinity just sends them right in.
So on a public computer you can see where this causes problems right... if user X forgets to sign out of google and user Y sits down, sitefinity logs user Y in AS user X.
Here's how to fix this
- Configure identity server to allow a specific redirect url after sitefinity logout, you do that here:
- Authentication
- SecurityTokenService
- IdentityServer
- Clients
- sitefinity
- PostLogoutRedirectUris
- ...click Create new, add your Url
So sitefinity's logout route is this
/Sitefinity/SignOut?sts\_signout=true&redirect\_uri=
One would think you could just change it to be
/Sitefinity/SignOut?sts\_signout=true&redirect\_uri=https://mail.google.com/mail/u/0/?logout&hl=en&hlor
But you would be wrong, this is what took so long to resolve the ticket... the redirect uri actually needs to be ENCODED at this point or it won't work.
So this URI will work just fine
/Sitefinity/SignOut?sts\_signout=true&redirect\_uri=https%3A%2F%2Fmail.google.com%2Fmail%2Fu%2F0%2F%3Flogout%26hl%3Den%26hlor
What happens from here is you're sent to the SF logout page, properly logged out from sitefinity then instantly sent over to the google signout page and signed out from there as well.
Works fantastic!