ComponentSpace

Forums



CanSLO from ApiController using SignOut API


CanSLO from ApiController using SignOut API

Author
Message
amitm
amitm
New Member
New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)

Group: Forum Members
Posts: 2, Visits: 5
Hello Team,

I would like to implement SLO using SignOut API written in one of the controller inherited from ApiController. This SignOut API is getting called from client written in typescript. I am unable to get the Response object in my controller inherited from ApiController to pass into InitiateSLO method

E.g. SAMLIdentityProvider.InitiateSLO(Response, null, null);

Am i doing anything wrong, please suggest how can I use the (SLO) or Response object under web api controller?

ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)

Group: Administrators
Posts: 3.2K, Visits: 11K
SAMLIdentityProvider.InitiateSLO will result in a 302 HTTP response being returned to the browser. The redirect URL is the logout service of the service provider with the SAML logout request encoded as a query string parameter.

Calling this method within a web API is problematic. The client presumably is expecting a 200 HTTP response and won't be able to handle the 302 correctly.

Our recommendation is to not invoke SAML SSO or SLO from a web API. Instead, the client should have the browser initiate an HTTP Get to particular endpoints to initiate SSO or SLO.

Regards
ComponentSpace Development
amitm
amitm
New Member
New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)

Group: Forum Members
Posts: 2, Visits: 5
Hello Team,

Thanks for the response, If I say same way (in API within an APIController), if I would like initiate SLO from ServiceProvider will that be recommended ?

E.g. SAMLServiceProvider.InitiateSLO(Response, null, null);

ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)

Group: Administrators
Posts: 3.2K, Visits: 11K
Calling SAMLIdentityProvider.InitiateSLO or SAMLServiceProvider.InitiateSLO within a web API is problematic for the reasons mentioned above. Both result in a 302 HTTP response.

Regards
ComponentSpace Development
GO


Similar Topics


Execution: 0.000. 3 queries. Compression Enabled.
Login
Existing Account
Email Address:


Password:


Select a Forum....












Forums, Documentation & Knowledge Base - ComponentSpace


Search