Hello Team,
I would like to implement SLO using a SignOut API written in one of the controllers inherited from ApiController. This SignOut API is called from a client written in TypeScript. I am unable to get the Response object in my controller inherited from ApiController to pass into the InitiateSLO method.
E.g. SAMLIdentityProvider.InitiateSLO(Response, null, null);
Am I doing anything wrong? Please suggest how I can use the (SLO) or Response object under a web API controller.
SAMLIdentityProvider.InitiateSLO will result in a 302 HTTP response being returned to the browser. The redirect URL is the logout service of the service provider with the SAML logout request encoded as a query string parameter.
Calling this method within a web API is problematic. The client presumably is expecting a 200 HTTP response and won’t be able to handle the 302 correctly.
Our recommendation is to not invoke SAML SSO or SLO from a web API. Instead, the client should have the browser initiate an HTTP GET to particular endpoints to initiate SSO or SLO.
Hello Team,
Thanks for the response. If, in the same way (in an API within an ApiController), I would like to initiate SLO from the service provider, would that be recommended?
E.g. SAMLServiceProvider.InitiateSLO(Response, null, null);
Calling SAMLIdentityProvider.InitiateSLO or SAMLServiceProvider.InitiateSLO within a web API is problematic for the reasons mentioned above. Both result in a 302 HTTP response.
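The recommendation above, sketched for the TypeScript client as an added example (not code from the posters or from the SAML library): sign-out is a top-level browser navigation to an endpoint that calls InitiateSLO, rather than a web API call. The endpoint path, the `NavigationTarget` interface and the function names are assumptions made for illustration.

```typescript
// Hypothetical path of a regular (non-API) controller action that calls
// SAMLServiceProvider.InitiateSLO or SAMLIdentityProvider.InitiateSLO.
const SLO_ENDPOINT = "/Saml/InitiateSingleLogout";

// The slice of the browser's `window` this code needs; passing it in keeps
// the logic usable outside a browser.
interface NavigationTarget {
  location: { origin: string; assign(url: string): void };
}

// Resolve the endpoint against the application's own origin and refuse any
// value that would leave it (absolute or protocol-relative URLs).
function resolveSloUrl(origin: string, endpoint: string): string {
  const url = new URL(endpoint, origin);
  if (url.origin !== origin) {
    throw new Error(`SLO endpoint must be same-origin: ${endpoint}`);
  }
  return url.toString();
}

// Start single logout. Returns the URL the browser was sent to.
function signOut(win: NavigationTarget, endpoint: string = SLO_ENDPOINT): string {
  const target = resolveSloUrl(win.location.origin, endpoint);
  // Deliberately not fetch()/XMLHttpRequest: the 302 carrying the SAML logout
  // request would be followed inside that request and the page itself would
  // never navigate to the partner's logout service.
  win.location.assign(target);
  return target;
}
```

In the browser this is called as `signOut(window)` from the sign-out button's click handler.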