I we have client server applications in .Net Core. Our server act as a IDP server (SAMLController) and our client application can initiate SSO for respective SP using RESTAPI from our server. SP site (google, office365) will be opened in client PC’s. We would like to initiate IDP initiate SLO when user log-out from our client applications. In this scenario how we can send InitiateSloAsync from our server. Please share samples for this workflow.
When you say client app, I’m assuming you mean a JavaScript application running in the browser.
The best option is to send an HTTP Get from the browser to your IdP application.
At this endpoint, call InitiateSloAsync to send the SAML logout request.
At your SLO endpoint, call ReceiveSloAsync to receive the SAML logout response.
You can then redirect back to the client app.
Our examples demonstrate calling the SAML API for logout.
I’m afraid at this stage we don’t have an example client app.
[quote][/quote]
When you say client app, I'm assuming you mean a JavaScript application running in the browser.
The best option is to send an HTTP Get from the browser to your IdP application.
At this endpoint, call InitiateSloAsync to send the SAML logout request.
At your SLO endpoint, call ReceiveSloAsync to receive the SAML logout response.
You can then redirect back to the client app.
Our examples demonstrate calling the SAML API for logout.
I'm afraid at this stage we don't have an example client app.
The best option is to send an HTTP Get from the browser to your IdP application.
At this endpoint, call InitiateSloAsync to send the SAML logout request.
At your SLO endpoint, call ReceiveSloAsync to receive the SAML logout response.
You can then redirect back to the client app.
Our examples demonstrate calling the SAML API for logout.
I'm afraid at this stage we don't have an example client app.
Hi
Thanks for responds.
client app means, its run in other pc's and open SP sites using SP initiated SSO (not in IDP Server PC). Now we need to initiate log-out from our IDP server when user log-out from our client app.
In this case do you have any API to send Logout request to any SP using user mail id. or please suggest any other approach for our requirement.
<samlp:LogoutRequest xmlns:samlp=”urn:oasis:names:tc:SAML:2.0:protocol”
xmlns:saml=”urn:oasis:names:tc:SAML:2.0:assertion”
ID=”902380923840239832098423498349848"
Version=”2.0"
IssueInstant=”2016–05–14T00:45:20Z”
Destination=”http://Google.com/SAML2SLOService”>
http:///
<saml:NameID SPNameQualifier=”http://app1.levvel.io/"
Format=”urn:oasis:names:tc:SAML:2.0:nameid-format:transient”>testuesr@test.com</saml:NameID>
The InitiateSloAsync sends a SAML logout request.
The API handles setting the Destination, Issuer, NameID etc fields correctly.
The ExampleServiceProvider project demonstrates supporting SAML logout.
When the user clicks the logout button, it calls InitiateSloAsync.
The SamlController.SingleLogoutService calls ReceiveSloAsync and SendSLoAsync to complete the SLO sequence.
[quote][/quote]
The InitiateSloAsync sends a SAML logout request.
The API handles setting the Destination, Issuer, NameID etc fields correctly.
The ExampleServiceProvider project demonstrates supporting SAML logout.
When the user clicks the logout button, it calls InitiateSloAsync.
The SamlController.SingleLogoutService calls ReceiveSloAsync and SendSLoAsync to complete the SLO sequence.
The API handles setting the Destination, Issuer, NameID etc fields correctly.
The ExampleServiceProvider project demonstrates supporting SAML logout.
When the user clicks the logout button, it calls InitiateSloAsync.
The SamlController.SingleLogoutService calls ReceiveSloAsync and SendSLoAsync to complete the SLO sequence.
Hi
Our question, Is it possible to send InitiateSloAsync with destination, Issuer, NameID etc from IDP log-out. in this case which API need to call to set destination, Issuer, NameID etc
below code from SAML for .NET Core\Examples\SSO\ExampleIdentityProvider\Areas\Identity\Pages\Account\Logout.cshtml.cs
public async Task OnPost(string returnUrl = null)
{
await _signInManager.SignOutAsync();
_logger.LogInformation("User logged out.");
var ssoState = await _samlIdentityProvider.GetStatusAsync();
if (await ssoState.CanSloAsync())
{
// Request logout at the service provider(s).
await _samlIdentityProvider.InitiateSloAsync(relayState: returnUrl);
return new EmptyResult();
}
if (returnUrl != null)
{
return LocalRedirect(returnUrl);
}
else
{
return Page();
}
}
InitiateSloAsync doesn’t support you setting these fields directly.
The API itself will set the correct values for these fields.
Why do you want to set these fields directly rather than letting the API handle them?