When I tried to perform Single Logout from my IdP I received an error "NameId is required to do logout".
Here's my controller:
    [HttpPost("logout")]
    public Task<IActionResult> Logout([FromServices] ISaml2PService saml2PService)
    {
        return saml2PService.LogoutAsync(Request, HttpContext, User);
    }
But it seems my User doesn't have NameId, so that's why the error occurs in this line:
    if (string.IsNullOrEmpty(nameIdFormat))
    {
        NameId = new Saml2NameIdentifier(ReadClaimValue(identity, Saml2ClaimTypes.NameId));
    }
Should NameId be assigned in the login flow, or was I wrong to use User for obtaining NameId?
The NameID claim needs to be part of the login response to enable logout. This is a requirement in the SAML 2.0 standard.
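The situation discussed in this thread, as an added example that is not code from the post or from the library: a session identity built at login without the NameID claim cannot supply one at logout, while one that carries it through can. The claim type string, the class and method names, and the sample claims are assumptions made for illustration; use your library's `Saml2ClaimTypes.NameId` constant in place of the placeholder.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;

static class NameIdSessionExample
{
    // Placeholder claim type (assumption); substitute the library's Saml2ClaimTypes.NameId.
    const string NameIdClaimType = "urn:example:claims:saml2-nameid";

    // Constructed sample of the claims read from a login response assertion.
    static readonly Claim[] AssertionClaims =
    {
        new Claim(NameIdClaimType, "alice@example.test"),
        new Claim(ClaimTypes.Email, "alice@example.test"),
        new Claim("urn:example:claims:department", "finance"),
    };

    // Before: only application claims are copied into the session, so NameID is lost at login.
    static ClaimsPrincipal BuildSessionDroppingNameId(IEnumerable<Claim> assertion) =>
        new ClaimsPrincipal(new ClaimsIdentity(
            assertion.Where(c => c.Type == ClaimTypes.Email), "saml2"));

    // After: NameID is carried into the session identity alongside the application claims.
    static ClaimsPrincipal BuildSessionKeepingNameId(IEnumerable<Claim> assertion) =>
        new ClaimsPrincipal(new ClaimsIdentity(
            assertion.Where(c => c.Type == ClaimTypes.Email || c.Type == NameIdClaimType),
            "saml2"));

    // What a logout endpoint depends on: a non-empty NameID on the current user.
    static bool CanBuildLogoutRequest(ClaimsPrincipal user) =>
        !string.IsNullOrEmpty(user.FindFirst(NameIdClaimType)?.Value);

    static void Main()
    {
        var dropped = BuildSessionDroppingNameId(AssertionClaims);
        var kept = BuildSessionKeepingNameId(AssertionClaims);

        Console.WriteLine($"NameID dropped at login -> logout possible: {CanBuildLogoutRequest(dropped)}");
        Console.WriteLine($"NameID kept at login    -> logout possible: {CanBuildLogoutRequest(kept)}");
    }
}
```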