I am using ADFS as Identity Provider, whenever I try to do SSO from ADFS it prompt us for Login ID and password.
If I dont logout from IDP and try to login again, it do not prompt me User ID and Password again
two things that we wanted to know
1. Is there any option to check if session is available with IDP or not, ( case when user was not prompted to input user/password details)
2. how I initiate a SLO to log out user from IDP also,
I am using ComponentSpace Example (LowLevelAPI/ExampleServiceProvider and others also)
whenever I try to do SLO. i can see that session is still available to Identity Provider.
Thanks
The SAML specification doesn’t include a mechanism for checking whether the user has an authentication session at the IdP.
I recommend using the SAML high-level API.
The ExampleServiceProvider project under the Examples\SSO\HighLevelAPI\WebForms folder demonstrates SSO and SLO to various IdPs including ADFS.
SAMLServiceProvider.InitiateSLO is called to send a SAML logout request to ADFS.
SAMLServiceProvider.ReceiveSLO is called to receive and process the logout response from ADFS.
Depending on the authentication method and the browser used, although ADFS reports logout as successful, the user may not be logged out from ADFS.
For example, with forms authentication and using Chrome, the user is logged out from ADFS.
When using Microsoft Edge, no error occurs but the user is still logged into ADFS.
This functionality is controlled by ADFS.
For more information, please refer to ADFS Relying Party Integration Guide’s sections on ADFS Authentication Methods and Windows Integrated Authentication.
https://www.componentspace.com/Forums/8239/ADFS-Integration-Guides
[quote][/quote]
The SAML specification doesn't include a mechanism for checking whether the user has an authentication session at the IdP.
I recommend using the SAML high-level API.
The ExampleServiceProvider project under the Examples\SSO\HighLevelAPI\WebForms folder demonstrates SSO and SLO to various IdPs including ADFS.
SAMLServiceProvider.InitiateSLO is called to send a SAML logout request to ADFS.
SAMLServiceProvider.ReceiveSLO is called to receive and process the logout response from ADFS.
Depending on the authentication method and the browser used, although ADFS reports logout as successful, the user may not be logged out from ADFS.
For example, with forms authentication and using Chrome, the user is logged out from ADFS.
When using Microsoft Edge, no error occurs but the user is still logged into ADFS.
This functionality is controlled by ADFS.
For more information, please refer to ADFS Relying Party Integration Guide's sections on ADFS Authentication Methods and Windows Integrated Authentication.
https://www.componentspace.com/Forums/8239/ADFS-Integration-Guides
I recommend using the SAML high-level API.
The ExampleServiceProvider project under the Examples\SSO\HighLevelAPI\WebForms folder demonstrates SSO and SLO to various IdPs including ADFS.
SAMLServiceProvider.InitiateSLO is called to send a SAML logout request to ADFS.
SAMLServiceProvider.ReceiveSLO is called to receive and process the logout response from ADFS.
Depending on the authentication method and the browser used, although ADFS reports logout as successful, the user may not be logged out from ADFS.
For example, with forms authentication and using Chrome, the user is logged out from ADFS.
When using Microsoft Edge, no error occurs but the user is still logged into ADFS.
This functionality is controlled by ADFS.
For more information, please refer to ADFS Relying Party Integration Guide's sections on ADFS Authentication Methods and Windows Integrated Authentication.
https://www.componentspace.com/Forums/8239/ADFS-Integration-Guides
Thanks for the information,
One more things I wanted to ask, can we support jumpcloud Authentication with SAML2.0 with same library based on Configuration also?
Yes. We don’t have any experience with JumpCloud but it should just be a matter of setting up the correct configuration.