Attempting to perform an Idp initiated logout. Following the .net 9 example which is basically one line of code:
// Request logout at the service provider(s).
await _samlIdentityProvider.InitiateSloAsync(relayState: returnUrl);
I am receiving this error:
There are no partner service providers to logout
My service provider configuration on the IdP site is setup correctly since I can perform SSO without issue.
When I perform the same call but from the Service Provider, there is a partner name parameter in the same call:
await _samlServiceProvider.InitiateSloAsync(samlUtils.PartnerIdP, relayState: relayState);
Is something missing from the Identity Provider initiated logout method? Or am I doing something wrong?
Thanks!
If there are no SAML SSO sessions to logout then you’ll receive this error.
The ExampleIdentityProvider project first checks if SLO can happen before calling _samlIdentityProvider.InitiateSloAsync.
var ssoState = await _samlIdentityProvider.GetStatusAsync();
if (await ssoState.CanSloAsync())
{
    // Initiate SAML logout.
    return RedirectToAction("InitiateSingleLogout", "Saml");
}
You should include a similar check in your application.
_samlServiceProvider.InitiateSloAsync includes a partner name parameter as it’s possible for the service provider to have SAML SSO sessions to multiple identity providers. The parameter specifies which identity provider to initiate SLO to.
_samlIdentityProvider.InitiateSloAsync doesn’t require this parameter as all service providers will be logged out as part of SLO.
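An added example (not code from the thread above or from ComponentSpace's own sample project) of an IdP-side logout action that performs that check and falls back to a local sign-out when there is no SAML session to end; the controller, the cookie authentication scheme and the returnUrl handling are assumptions:

```csharp
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Mvc;
using ComponentSpace.Saml2;

// Hypothetical IdP-side controller; assumes ISamlIdentityProvider is
// registered for dependency injection as in the ExampleIdentityProvider project.
public class AccountController : Controller
{
    private readonly ISamlIdentityProvider _samlIdentityProvider;

    public AccountController(ISamlIdentityProvider samlIdentityProvider)
    {
        _samlIdentityProvider = samlIdentityProvider;
    }

    [HttpPost]
    [ValidateAntiForgeryToken]
    public async Task<IActionResult> Logout(string returnUrl = "/")
    {
        // Only accept a local return URL so the relay state cannot be used
        // to send the user to an external site after logout.
        if (string.IsNullOrEmpty(returnUrl) || !Url.IsLocalUrl(returnUrl))
        {
            returnUrl = "/";
        }

        // Ask the IdP whether any partner SP still has an SSO session.
        // Calling InitiateSloAsync without one produces the error
        // "There are no partner service providers to logout".
        var ssoState = await _samlIdentityProvider.GetStatusAsync();

        if (await ssoState.CanSloAsync())
        {
            // Sends a SAML LogoutRequest to every partner service provider;
            // the SAML library writes the redirect/POST to the response itself.
            await _samlIdentityProvider.InitiateSloAsync(relayState: returnUrl);
            return new EmptyResult();
        }

        // No SAML session to end: clear only the local login cookie.
        await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
        return LocalRedirect(returnUrl);
    }
}
```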