I am using the low-level APIs to generate an SP-initiated logout request. When using HTTP redirect, how do I specify which signature algorithm to use? My application is multi-tenant, so sometimes I need SHA-1 and other times SHA-256. I believe the function I want is this:
SingleLogoutService.SendLogoutRequestByHTTPRedirect(HttpResponse httpResponse, string destinationURL, XmlElement logoutRequest, string relayState, AsymmetricAlgorithm key);
But I don’t see how to specify which signature algorithm to use. For comparison, when doing SP-initiated authentication, I use the overload of ServiceProvider.SendAuthnRequestByHTTPRedirect that takes a signatureAlgorithm argument at the end:
ServiceProvider.SendAuthnRequestByHTTPRedirect(HttpResponse httpResponse, string idpURL, XmlElement authnRequest, string relayState, AsymmetricAlgorithm key, string signatureAlgorithm);
However, SingleLogoutService does not have an overload like that for SendLogoutRequestByHTTPRedirect. Is this a limitation of the library, or is there some other method I should be using?
This is an oversight. I’ll see this is fixed in the next release.
In the meantime, you can call the methods on the ComponentSpace.SAML2.Bindings.HTTPRedirectBinding class directly which do include the signature algorithm.
The SingleLogoutService.SendLogoutRequestByHTTPRedirect method calls into the HTTPRedirectBinding class.
You’re also welcome to email us mentioning this forum post and I can get you a beta release.
Please note that if you used the high-level API this wouldn’t be an issue. The high-level API is recommended and includes support for multi-tenant applications through configuration.
Thank you so much for the fast reply and the upcoming fix in the next release! In the meantime, I will explore one of the workarounds you mentioned.
The v2.6.0.15 update released earlier today includes the mentioned fix. If you’re evaluating the product, you may wish to download it again. If you’ve purchased a license, please email us to discuss upgrade options. Thanks.