Our recommendation is to use separate endpoints. However, support for this was added in v2.0.6.

The IProvider interface now includes:

    Task<SamlMessageType> PeekMessageTypeAsync();

The SamlMessageType is:

    public enum SamlMessageType
    {
        /// <summary>
        /// Unknown.
        /// </summary>
        Unknown,

        /// <summary>
        /// Authn Request.
        /// </summary>
        AuthnRequest,

        /// <summary>
        /// SAML Response.
        /// </summary>
        SamlResponse,

        /// <summary>
        /// Logout Request.
        /// </summary>
        LogoutRequest,

        /// <summary>
        /// Logout Response.
        /// </summary>
        LogoutResponse
    }

The following example code is how an identity provider would handle SSO and SLO messages sent to the same endpoint.

    switch (await _samlIdentityProvider.PeekMessageTypeAsync())
    {
        case SamlMessageType.AuthnRequest:
            var ssoResult = await _samlIdentityProvider.ReceiveSsoAsync();
            break;

        case SamlMessageType.LogoutRequest:
        case SamlMessageType.LogoutResponse:
            var sloResult = await _samlIdentityProvider.ReceiveSloAsync();
            break;
    }

The following example code is how a service provider would handle SSO and SLO messages sent to the same endpoint.

    switch (await _samlServiceProvider.PeekMessageTypeAsync())
    {
        case SamlMessageType.SamlResponse:
            var ssoResult = await _samlServiceProvider.ReceiveSsoAsync();
            break;

        case SamlMessageType.LogoutRequest:
        case SamlMessageType.LogoutResponse:
            var sloResult = await _samlServiceProvider.ReceiveSloAsync();
            break;
    }
Regards
ComponentSpace Development
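Added example, not part of the original post and not ComponentSpace's implementation: what classifying a message on a shared SSO/SLO endpoint amounts to at the SAML protocol level, using only standard .NET APIs. `SamlPeek`, `PeekedType` and the `MaxBytes` limit are hypothetical names and values; the result is a routing hint taken from unverified input, so signature and issuer validation still belong to the receive call that follows.

```csharp
using System;
using System.IO;
using System.IO.Compression;
using System.Text;
using System.Xml;

public enum PeekedType { Unknown, AuthnRequest, SamlResponse, LogoutRequest, LogoutResponse }
public static class SamlPeek
{
    const string Protocol = "urn:oasis:names:tc:SAML:2.0:protocol";
    const int MaxBytes = 256 * 1024; // assumed cap on decoded size; bounds the inflate output

    // encoded: the SAMLRequest/SAMLResponse parameter value, already URL-decoded.
    // isRedirect: HTTP-Redirect wraps raw DEFLATE in the base64; HTTP-POST does not.
    public static PeekedType Peek(string encoded, bool isRedirect)
    {
        try
        {
            var raw = new MemoryStream(Convert.FromBase64String(encoded));
            using Stream input = isRedirect
                ? (Stream)new DeflateStream(raw, CompressionMode.Decompress) : raw;
            var xml = new MemoryStream();
            var buffer = new byte[8192];
            for (int n; (n = input.Read(buffer, 0, buffer.Length)) > 0; xml.Write(buffer, 0, n))
                if (xml.Length + n > MaxBytes) return PeekedType.Unknown;
            xml.Position = 0;
            // Only the root element is read; DTDs and external entities are refused.
            var settings = new XmlReaderSettings { DtdProcessing = DtdProcessing.Prohibit, XmlResolver = null };
            using var reader = XmlReader.Create(xml, settings);
            reader.MoveToContent();
            if (reader.NamespaceURI != Protocol) return PeekedType.Unknown;
            return reader.LocalName switch
            {
                "AuthnRequest" => PeekedType.AuthnRequest,
                "Response" => PeekedType.SamlResponse,
                "LogoutRequest" => PeekedType.LogoutRequest,
                "LogoutResponse" => PeekedType.LogoutResponse,
                _ => PeekedType.Unknown, // caller should reject, not guess
            };
        }
        catch (Exception e) when (e is FormatException or XmlException or InvalidDataException) { return PeekedType.Unknown; }
    }

    public static void Main()
    {
        // Constructed sample: a bare LogoutRequest root in HTTP-POST encoding.
        var sample = "<samlp:LogoutRequest xmlns:samlp=\"" + Protocol + "\" ID=\"_x\" Version=\"2.0\"/>";
        Console.WriteLine(Peek(Convert.ToBase64String(Encoding.UTF8.GetBytes(sample)), false));
        Console.WriteLine(Peek("not base64!", false));
    }
}
```

A shared endpoint that receives `Unknown` should return an error response instead of falling through to either receive call.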