In the high level API example, the SSOService endpoint looks like this: https://gist.github.com/dmarlow/43dd1206377c07d664f8f17ff028bdeb
Could this be split into two endpoints such that a redirect happens in order to send the SSO?
The idea behind it is that I need to store the partnerSP so that I can use it later. Like this: https://gist.github.com/dmarlow/ff07ff4b4d8d746b0dd9a291330667dc
However, if I put the partnerSP value into the session and the user doesn’t end up going to the SP but goes to another, the values in the Session won’t be correct. I’m wondering if I split things like this example here: https://gist.github.com/dmarlow/665648db89ab648e0f7916a5fe48a284 if things would still work.
It looks fine to me.
There are no problems in making multiple redirects between calling SAMLIdentityProvider.ReceiveSSO and SAMLIdentityProvider.SendSSO.
[quote]
[/quote]
Thanks for the confirmation. Is something stored in some cache that identifies how to perform the SendSSO and to whom (what SP)? I'm curious what conditions would cause the SendSSO to not work correctly.
Yes, we store SAML SSO session information which includes the SP name so we know here to send the SAML response when you call SendSSO.
By default the SAML SSO session information is stored in the ASP.NET session.