CanSLO in service provider returning false, after successful authentication from IDP.

[quote]
fabio - 9/15/2020
Hello,
Same problem with CanSLO here.
Right now, I am using your ExampleIdentityProvider and ExampleServiceProvider examples to test login and logout and, of course, they work.
Since I need to implement SAML in our ServiceProvider, I wanted to use your example IdP and connect to it.
I call this method in my Login.aspx page
SAMLServiceProvider.InitiateSSO(Response, returnUrl, partnerIdP);
and in the AssertionConsumerService.aspx I use SnippetSAMLServiceProvider.ReceiveSSO

This is what I get in the logs:
[sub]19024/7: 15/09/2020 13:32:08: Identity provider session (40a1e9eb-5d4d-45e0-a6ae-27c059494993) state:
SSO session state:
Partner name: https://ExampleServiceProvider
Name ID: testuser
Session index: _ec1234af-999f-47cb-807a-1bbfb9991d1f

19024/7: 15/09/2020 13:32:08: An SSO response has been successfully sent to the partner service provider https://ExampleServiceProvider.[/sub]

When I try to log out, CanSLO returns false and nothing is written/added to the log file: I get redirected to the login page, the credentials are still valid so I don't have to enter them, so I get into my application directly.

Where am I wrong? Is it possible to use your IdP example as a stand-alone service to connect to from any SP implementing SAML (for testing purposes), or is it strongly tied to your SP example?

Thank you
Fabio
[/quote]

I managed to make it work with IE or Edge.
I noticed that with either of these two browsers I have the cookie SAML_SessionId (I saw it using the F12 developer tools), while with Chrome, which I always used during previous tests, this cookie is not present.
Is this the cookie you create to keep the link with the ASP session? If so, why don't I have it with Chrome?

Thank you
Fabio

What version of the SAML product are you using?

Earlier this year we updated the SAML_SessionId cookie so it's marked as Secure and SameSite=None in support of Chrome browser changes.

The SAML_SessionId is used to maintain SAML session state in support of the SAML protocol. If it's not sent by the browser we won't be able to support SLO.

Are you using HTTPS to access your application? This is required as the cookie's marked as secure.

If there's still an issue, please enable SAML trace at your SP and send the generated log file as an email attachment to support@componentspace.com mentioning your forum post.

https://www.componentspace.com/Forums/17/Enabing-SAML-Trace

I'd like to see your application start-up, the successful SSO and failing SLO.

Also, use the browser developer tools (F12) to capture the network traffic and send the saved HAR file.

Please use Chrome's Incognito mode so no old session cookies are used.
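To make the cookie behaviour in the reply above concrete, here is an added example (not code from the forum or from ComponentSpace): a small Python simulation of the decision a browser makes before attaching the SAML_SessionId cookie to a request. The Set-Cookie lines, cookie value and SP endpoint URLs are constructed, and the rules follow Chrome's Secure/SameSite handling with the simplifications noted in the comments.

```python
"""Constructed example (not ComponentSpace code): simulate the browser's
decision to attach the SAML_SessionId cookie to a request."""
from __future__ import annotations

from dataclasses import dataclass
from urllib.parse import urlsplit


@dataclass
class Cookie:
    name: str
    value: str
    secure: bool
    samesite: str          # "None", "Lax" or "Strict"
    http_only: bool = False


def parse_set_cookie(header: str) -> Cookie:
    """Parse a Set-Cookie header value into its name/value and the
    attributes that matter for SLO (Secure, SameSite, HttpOnly)."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    secure = False
    http_only = False
    samesite = "Lax"   # Chrome's default when SameSite is absent
    for attr in parts[1:]:
        key, _, val = attr.partition("=")
        key = key.strip().lower()
        if key == "secure":
            secure = True
        elif key == "httponly":
            http_only = True
        elif key == "samesite":
            samesite = val.strip().capitalize() or "Lax"
    return Cookie(name.strip(), value.strip(), secure, samesite, http_only)


def would_send(cookie: Cookie, request_url: str, cross_site_post: bool) -> tuple[bool, str]:
    """Return (sent?, reason) for a request the browser is about to make.

    cross_site_post=True models the SAML HTTP-POST binding: a page served by
    the IdP (another site) auto-submits the logout request to the SP.
    Assumptions: Chrome's short "Lax+POST" grace period for cookies without a
    SameSite attribute is ignored, and http://localhost is not treated as secure."""
    scheme = urlsplit(request_url).scheme.lower()
    if cookie.samesite == "None" and not cookie.secure:
        return False, "SameSite=None without Secure is rejected, so the cookie was never stored"
    if cookie.secure and scheme != "https":
        return False, f"Secure cookie is withheld from a {scheme}:// request"
    if cross_site_post and cookie.samesite != "None":
        return False, f"SameSite={cookie.samesite} blocks the cross-site POST"
    return True, "sent"


# Constructed Set-Cookie lines: the attributes the support reply describes,
# and an older cookie that carried no SameSite attribute.
CURRENT_COOKIE = parse_set_cookie(
    "SAML_SessionId=7f1e2c9a; Path=/; Secure; HttpOnly; SameSite=None")
LEGACY_COOKIE = parse_set_cookie("SAML_SessionId=7f1e2c9a; Path=/; HttpOnly")

# Hypothetical SP single logout endpoints (not from the thread).
HTTPS_SLO = "https://sp.example.test/SLOService.aspx"
HTTP_SLO = "http://sp.example.test/SLOService.aspx"


def slo_outcomes() -> dict[str, tuple[bool, str]]:
    """Map each scenario to the browser's decision for the IdP's logout POST."""
    return {
        "current cookie, https SP": would_send(CURRENT_COOKIE, HTTPS_SLO, True),
        "current cookie, http SP": would_send(CURRENT_COOKIE, HTTP_SLO, True),
        "legacy cookie, https SP": would_send(LEGACY_COOKIE, HTTPS_SLO, True),
    }


if __name__ == "__main__":
    for scenario, (sent, why) in slo_outcomes().items():
        state = "CanSLO can succeed" if sent else "CanSLO false"
        print(f"{scenario}: {state} ({why})")
```

The middle scenario is the one the thread ends up describing: a Secure cookie is simply not presented on an http:// request, so the SP has no session state to match the logout request against and CanSLO returns false without anything reaching the log. The last scenario shows why the SameSite=None change was needed in the first place, since a cookie defaulting to Lax is dropped from the IdP's cross-site POST.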
Sorry for my very delayed answer.
I was able to fix the problem since, as often happens, it resided between the chair and the keyboard ;-)
I was running my application in debug mode in Visual Studio. My endpoints were correctly configured both in the SP and in the IdP. The application had HTTPS enabled... BUT (!!!) it started with HTTP, so that when CanSLO was called this was from a different address and it returned false.
Having my app start in HTTPS (and all the endpoints in HTTP too), I was able to call the SLO correctly.

I hope this explanation makes sense to you.

Thank you
Fabio

EDIT: I forgot to mention that we use the 4.0.0 licensed version

Thanks Fabio for the update. I’m glad you found the issue.

The SAML_SessionId cookie is marked as Secure so using HTTPS everywhere is the best option. This is also the recommendation of the SAML specification.