I am implementing an IdP and when the SP sends a new request while a pending request still exists, the IdP replies to the first request instead of the second one. That may cause an issue on the SP (which I don’t have control) if it checks for the InResponseTo to match.
Is there any way to ignore any pending SSO requests when starting a new one?
Tahnks.
If there are multiple pending SAML authn requests within the browser session, SAMLIdentityProvider.SendSSO sends a SAML response for the most recently received authn request. The rationale is that the service provider has most likely overridden earlier requests.
In your example, the IdP would reply to the second request not the first.
You can call SAMLController.DeleteSSOSession prior to calling SAMLIdentityProvider.ReceiveSSO to clear any pending SAML authn requests within this browser session.