I have a solution where WIF is used for SSO and one of the sites is a Relate+ site. Logging on works fine and the user is picked up by the integration provider and replicated to the community database. Logging off however is proving difficult.
The STS keeps track of which applications have been used and makes sure the Relate+ application receives an event when the federated signout occurrs. In this event handler I call OnlineStatusHandler.Instance.LogOffUser to expire the user's login, but it has no effect. The user stays logged in to the community, even though all other applications perceive the user as logged out.
Which version is this happening in?
I can add that I have tried other ways to "kill" the currently logged in principal (abandoning the session) but that doesn't work either.
This wasn't the problem, the logout seems fine. I had a config mismatch (or actually a match, but should have been different settings) between my local environment and test. The SSO didn't work correctly with my local environment, and the federated signout never hit the test application. So two separate errors.
It seems the user is now correctly logged out even without calling OnlineStatusHandler.LogOffUser. Instead I have a new problem that seems to be session related, but I'll have to look further into that to see if it is even related.