Basically that's correct but the call to SAMLServiceProvider.SendSLO is only required if SAMLServiceProvider.ReceiveSLO received a request. So, for SP-initiated SLO the sequence is:
// Create and send a SAML logout request. SAMLServiceProvider.InitiateSLO(Response, logoutReason, partnerIdP)
// Receive and process the SAML logout response. SAMLServiceProvider.ReceiveSLO(Request, isRequest, logoutReason, partnerIdP, Nothing)
For IdP-initiated SLO the sequence is:
// Receive and process the SAML logout request. SAMLServiceProvider.ReceiveSLO(Request, isRequest, logoutReason, partnerIdP, Nothing)
// Create and send the logout response. SAMLServiceProvider.SendSLO(Response, Nothing)
I suggest taking a look at the ExampleServiceProvider project under the Examples\SSO\HighLevelAPI\WebForms folder which demonstrates supporting both SAML logout flows.
Regards ComponentSpace Development
|