Multi Logout With SAML2

sal1

Group: Forum Members
Posts: 2, Visits: 7

Hi,

How do I log out from all service providers at the same time?

When a user requests logout, I want to be logged out from all service providers.


ComponentSpace

Group: Administrators
Posts: 3.2K, Visits: 11K
Assuming your site is the identity provider, this is handled automatically when you call SAMLIdentityProvider.InitiateSLO (for IdP-initiated SLO) or SAMLIdentityProvider.ReceiveSLO (when receiving a logout request for SP-initiated SLO).
Our code keeps track of all the service providers that are in SSO with the identity provider for the particular user.
Calling SAMLIdentityProvider.InitiateSLO initiates a SAML logout request being sent to a service provider followed by a logout response being received from the service provider.
This repeats for each of the service providers.
Please note that any failure in the flow (e.g. a service provider doesn't return a logout response) will terminate the flow.
This is a limitation of SLO.

Regards
ComponentSpace Development
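
The sequential flow and its failure mode described in the reply above, as an added sketch that is not part of the thread and not ComponentSpace's code: it builds one SAML 2.0 LogoutRequest per tracked service provider, checks each LogoutResponse, and reports which sessions remain when a provider fails to answer. The `send` transport, the URLs and all function names are hypothetical.

```python
import uuid
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

def build_logout_request(idp_issuer, sp_slo_url, name_id, session_index):
    """Return (request_id, xml) for a samlp:LogoutRequest addressed to one SP."""
    req_id = "_" + uuid.uuid4().hex
    root = ET.Element(f"{{{SAMLP}}}LogoutRequest", {
        "ID": req_id, "Version": "2.0", "Destination": sp_slo_url,
        "IssueInstant": datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")})
    ET.SubElement(root, f"{{{SAML}}}Issuer").text = idp_issuer
    ET.SubElement(root, f"{{{SAML}}}NameID").text = name_id
    ET.SubElement(root, f"{{{SAMLP}}}SessionIndex").text = session_index
    return req_id, ET.tostring(root, encoding="unicode")

def response_ok(response_xml, expected_request_id):
    """Accept a LogoutResponse only if it answers our request with Success."""
    # Sketch only: a real IdP also verifies the XML signature and uses a hardened parser.
    if response_xml is None:
        return False
    root = ET.fromstring(response_xml)
    code = root.find(f"{{{SAMLP}}}Status/{{{SAMLP}}}StatusCode")
    return (root.tag == f"{{{SAMLP}}}LogoutResponse"
            and root.get("InResponseTo") == expected_request_id
            and code is not None and code.get("Value") == SUCCESS)

def run_slo(idp_issuer, name_id, sso_sessions, send):
    """Log out SPs one at a time; stop at the first failure, as the reply describes.

    sso_sessions: list of (sp_slo_url, session_index) tracked for this user.
    send: callable(sp_slo_url, request_xml) -> response XML or None (hypothetical transport).
    Returns (logged_out_urls, still_logged_in_urls).
    """
    done = []
    for i, (url, idx) in enumerate(sso_sessions):
        req_id, xml = build_logout_request(idp_issuer, url, name_id, idx)
        if not response_ok(send(url, xml), req_id):
            return done, [u for u, _ in sso_sessions[i:]]
        done.append(url)
    return done, []

if __name__ == "__main__":
    # Constructed case: the only SP never answers, so its session is left over.
    print(run_slo("https://idp.example", "alice", [("https://sp1.example/slo", "s1")], lambda u, x: None))
```

The second list returned by `run_slo` is the set of service providers that may still hold a live session for the user and is worth logging.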
sal1

Group: Forum Members
Posts: 2, Visits: 7
ComponentSpace - Tuesday, May 10, 2016
> Assuming your site is the identity provider, this is handled automatically when you call SAMLIdentityProvider.InitiateSLO (for IdP-initiated SLO) or SAMLIdentityProvider.ReceiveSLO (when receiving a logout request for SP-initiated SLO).
> Our code keeps track of all the service providers that are in SSO with the identity provider for the particular user.
> Calling SAMLIdentityProvider.InitiateSLO initiates a SAML logout request being sent to a service provider followed by a logout response being received from the service provider.
> This repeats for each of the service providers.
> Please note that any failure in the flow (e.g. a service provider doesn't return a logout response) will terminate the flow.
> This is a limitation of SLO.

I used SAMLIdentityProvider.InitiateSLO(Response, null) like you said, but I have an error; you can see it below.

Thanks.




ComponentSpace

Group: Administrators
Posts: 3.2K, Visits: 11K
By default we keep track of the partner service providers in the user's ASP.NET session.
Please ensure you don't clear the ASP.NET session prior to calling SAMLIdentityProvider.InitiateSLO.
If there's still an issue, please enable SAML trace and send the generated log file to [email protected] mentioning this forum post.
http://www.componentspace.com/Forums/17/Enabing-SAML-Trace


Regards
ComponentSpace Development
slaneyrw

Group: Forum Members
Posts: 11, Visits: 62
ComponentSpace - 5/11/2016
> By default we keep track of the partner service providers in the user's ASP.NET session.
> Please ensure you don't clear the ASP.NET session prior to calling SAMLIdentityProvider.InitiateSLO.
> If there's still an issue, please enable SAML trace and send the generated log file to [email protected] mentioning this forum post.
> http://www.componentspace.com/Forums/17/Enabing-SAML-Trace

Apologies for commenting on a really old post.

In our system, as the SAML identity provider to other applications, we are secured by an upstream OIDC provider. When we get an OIDC endsession request I need to dispatch ALL of the SLO requests immediately and simultaneously; I cannot wait for each to round trip as we are under a strict time constraint.

Is it possible, in the InitiateSLOAsync method, to output each SLO request in a separate IFrame, in the same way the OIDC front channel logout works?
In addition, how do I clear the SAML state for any partner who doesn't participate in SLO? InitiateSLOAsync throws a SamlProtocolException if there are only service partners without SLO configured. The SamlState object is not public, so I cannot retrieve it from the ISsoSessionState instance (LoadAsync<T> and/or RemoveAsync<T>).
ComponentSpace

Group: Administrators
Posts: 3.2K, Visits: 11K
InitiateSloAsync doesn't support sending each SAML logout request simultaneously using iFrames etc. It's not something that's included in the SAML specification.

We introduced an ISamlProvider.ClearSessionAsync method which clears the current SAML session state. This is for all partners and isn't partner specific. This is available in v4.0.0 of the SAML for ASP.NET Core product.

Regards
ComponentSpace Development