SamlLogout SAMLRequest


Paladin

In my testing, my IdP's SLO page is getting invoked when the SP logs out, which is what I expected.
In the URL, a SAMLRequest variable is getting passed, something like
http://localhost/IdpSamlLogout.aspx?SAMLRequest=nZJfa4MwF ....
What can I do with this SAMLRequest variable?  Can I get information about the SP that logged out?  If so, how?


ComponentSpace
The SAMLRequest is the SAML logout request encoded using the HTTP-redirect binding. The logout request includes an issuer which identifies the service provider that sent the logout request.
If you use the SAML high-level API, the processing of the logout request, including decoding the message, etc., is handled automatically. The ExampleIdentityProvider and ExampleServiceProvider projects demonstrate this.
If you use the low-level API then you can call SingleLogoutService.ReceiveLogoutMessageByHTTPRedirect which will receive and decode the logout request. The low-level API SAML2IdentityProvider project demonstrates how to make this call.
However, you are best to use the high-level API if possible as it is easier to use and requires less code in your application.


Regards
ComponentSpace Development
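
The decoding described in the reply above, as an added example for inspecting a captured redirect URL; it is not part of the original thread and not ComponentSpace code. The function names, the 64 KB size cap and the sample entity ID `urn:example:sp` are assumptions, and the issuer it returns is an unauthenticated claim because no signature is verified.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlsplit

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
MAX_XML_BYTES = 64 * 1024  # assumed cap to stop decompression bombs


def decode_redirect_logout(url):
    """Decode the SAMLRequest of an HTTP-Redirect logout URL, for inspection only."""
    params = parse_qs(urlsplit(url).query)
    if "SAMLRequest" not in params:
        raise ValueError("no SAMLRequest parameter")
    compressed = base64.b64decode(params["SAMLRequest"][0], validate=True)
    # The HTTP-Redirect binding uses raw DEFLATE (no zlib header): wbits=-15.
    inflater = zlib.decompressobj(-15)
    xml_bytes = inflater.decompress(compressed, MAX_XML_BYTES + 1)
    if len(xml_bytes) > MAX_XML_BYTES:
        raise ValueError("decoded message too large")
    if b"<!DOCTYPE" in xml_bytes:
        raise ValueError("DTDs are not allowed in SAML messages")
    root = ET.fromstring(xml_bytes)
    if root.tag != "{%s}LogoutRequest" % SAMLP:
        raise ValueError("not a LogoutRequest: " + root.tag)
    issuer = root.find("{%s}Issuer" % SAML)
    return {
        "issuer": issuer.text.strip() if issuer is not None and issuer.text else None,
        "request_id": root.get("ID"),
        # Presence only; the SAML library must still verify the signature.
        "has_signature": "Signature" in params and "SigAlg" in params,
    }


def constructed_url():
    """Build a sample redirect URL (constructed data, hypothetical entity ID)."""
    xml = ('<samlp:LogoutRequest xmlns:samlp="%s" xmlns:saml="%s" ID="_constructed1" '
           'Version="2.0" IssueInstant="2020-01-01T00:00:00Z">'
           '<saml:Issuer>urn:example:sp</saml:Issuer>'
           '<saml:NameID>user@example.com</saml:NameID></samlp:LogoutRequest>') % (SAMLP, SAML)
    deflater = zlib.compressobj(9, zlib.DEFLATED, -15)
    raw = deflater.compress(xml.encode()) + deflater.flush()
    query = urlencode({"SAMLRequest": base64.b64encode(raw).decode()})
    return "http://localhost/IdpSamlLogout.aspx?" + query


if __name__ == "__main__":
    print(decode_redirect_logout(constructed_url()))
```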
Paladin
Yes, we want to use the high level API.

In my testing, if I have an entry like
SingleLogoutServiceUrl=http://localhost/SSO/IdpSamlLogout.aspx?entryId=foursquare
in my PartnerIdentityProvider, when I issue the InitiateSLO command, the entryId=foursquare parm is replaced by the SAMLRequest parm.

Unfortunately, the IdP in real life wants that entryId=foursquare parm.  Is there any way to do this?

ComponentSpace
The entryID=foursquare should be retained.
Could you please enable SAML trace and send the generated log file as an email attachment to [email protected] mentioning this topic?
http://www.componentspace.com/Forums/17/Enabing-SAML-Trace


Regards
ComponentSpace Development