I have set the ClocksSkew to 00:00:00 and the LogoutRequestLifeTime to 00:00:00 or 00:00:10. However, when the IdP receives the SLO request from the SP, I paused the process using a breakpoint and waited beyond the specified time before letting the library handle the SLO request. Despite this, it processes the request normally without throwing any exceptions. Additionally, after leaving the default timeout of 3 minutes and waiting beyond that, the SAML logout request is still not invalidated.
Is there another property or configuration that I need to set or modify to ensure that the IdP considers the logout request as invalid when the NotOnOrAfter time is exceeded?
The C# method that the IdP uses to receive the request is as follows:
SsoResult = await _samlIdentityProvider.ReceiveSsoAsync();
Here is the SAML logout request:
<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
ID="_c000cdd7-557a-4472-96ed-bfd101c313d8"
Version="2.0"
IssueInstant="2024-10-03T10:46:04Z"
Destination="https://localhost:44333/Idp/SingleSignoutService"
NotOnOrAfter="2024-10-03T10:46:14Z">
<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">2</saml:Issuer>
<saml:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">294012711113</saml:NameID>
<samlp:SessionIndex>_ab8a9b6b-a57d-4af6-b349-ac3bc5934224</samlp:SessionIndex>
</samlp:LogoutRequest>
I waited beyond the specified NotOnOrAfter time (2024-10-03T10:46:14Z), but the request is still processed. Any guidance on additional settings or configurations needed would be appreciated.
Thank you,
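
An added example, not part of the original post and not the SAML library's own code: a stand-alone C# check of a LogoutRequest's NotOnOrAfter attribute against the current time and an allowed clock skew, useful for confirming what the expected outcome is for a given request. The class and method names are hypothetical, and it assumes the decoded request XML is already available as a string; signature validation is a separate step.

```csharp
using System;
using System.IO;
using System.Xml;
using System.Xml.Linq;

// Hypothetical helper for illustration; not an API of any SAML library.
public static class LogoutRequestFreshness
{
    private static readonly XNamespace Samlp = "urn:oasis:names:tc:SAML:2.0:protocol";

    // True when NotOnOrAfter is present and has been reached, allowing for clockSkew.
    // NotOnOrAfter is optional on LogoutRequest, so a missing attribute returns false.
    public static bool IsExpired(string xml, DateTime utcNow, TimeSpan clockSkew)
    {
        // Parse untrusted XML with DTDs prohibited and no external resolver.
        var settings = new XmlReaderSettings { DtdProcessing = DtdProcessing.Prohibit, XmlResolver = null };
        XElement root;
        using (var reader = XmlReader.Create(new StringReader(xml), settings))
        {
            root = XDocument.Load(reader).Root;
        }
        if (root == null || root.Name != Samlp + "LogoutRequest")
            throw new FormatException("Root element is not samlp:LogoutRequest.");

        string raw = (string)root.Attribute("NotOnOrAfter");
        if (raw == null) return false;

        // xs:dateTime value, normalised to UTC.
        DateTime notOnOrAfter = XmlConvert.ToDateTime(raw, XmlDateTimeSerializationMode.Utc);

        // "Not on or after": the stated instant itself is already too late.
        return utcNow.ToUniversalTime() - clockSkew >= notOnOrAfter;
    }

    public static void Main()
    {
        // Constructed sample modelled on the request in the post (ID is a placeholder).
        const string xml =
            "<samlp:LogoutRequest xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" " +
            "ID=\"_constructed-sample\" Version=\"2.0\" IssueInstant=\"2024-10-03T10:46:04Z\" " +
            "NotOnOrAfter=\"2024-10-03T10:46:14Z\" />";

        var justBefore = new DateTime(2024, 10, 3, 10, 46, 13, DateTimeKind.Utc);
        var atLimit = new DateTime(2024, 10, 3, 10, 46, 14, DateTimeKind.Utc);
        var sixSecondsLate = new DateTime(2024, 10, 3, 10, 46, 20, DateTimeKind.Utc);

        Console.WriteLine(IsExpired(xml, justBefore, TimeSpan.Zero));
        Console.WriteLine(IsExpired(xml, atLimit, TimeSpan.Zero));
        Console.WriteLine(IsExpired(xml, sixSecondsLate, TimeSpan.FromSeconds(10)));
    }
}
```

The three calls in `Main` exercise the boundary: one second before the limit, exactly at the limit, and six seconds past it with a ten-second skew allowance.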