Forums, Documentation & Knowledge Base - ComponentSpace

How to retrieve Session index from the SAML Assertion


https://componentspace.com/forums/Topic10470.aspx

By ravikanth - 11/25/2019

Hello Component team.

We have implemented the  SAML Service to handle the SAML Authentication using component space, The service handles SP-Initiated flows. I have implemented the SP initiated SSO and it works as expected for SAML IDP's {PingOne,OneLogin}, I'm now working on logout flow, to successfully logout the user from the SAML IDP, the SLO (logout) request should contain the session index and name id.  As part of the SP-Initiated SSO  implementation the ReceiveSsoAsync() method returns the SSO results which contains the property "spSsoResult.UserID" and other properties are saved in database, however I could not find a way to extract the session index present in the SAML ACS, I believe which is must to logout from the SAML IDP's

ACS response value
 <saml:AuthnStatement AuthnInstant="2019-11-25T16:50:41.389Z" SessionIndex="I12squujoEC7-W2HnvBkmDDcLQGfXt2LNEgTqQ_rX5T__PTAQG4w">

FYI**: I'm not sure if we are using ASP.Net Session to save the session information, we are defaulting to componentSpace requirements, if any.  in our case the service does not maintains any state, as it just provides the SAML Services, the service extracts the information from the assertion and save it in database so that other authorization services can use that information and provider the resources to the users.
 
In  article, its stated that component space will take care of providing session index and nameId as part of logout request https://www.componentspace.com/Forums/9032/SAMLServiceProviderSendSLO-question?JumpToFirstUnreadPost=1

We store the NameID in the internal SAML session state. This is what's included in the logout request.
We don't use the FormsAuthentication.SetAuthCookie value etc.        

  Regards
ComponentSpace Development"

Some of the concerns I have around componentSpace handling are
1. SAML Service we have implemented would be running as microservice with multiple instances, all the service request coming to saml service would be load balance, no guarantee that the SP-initiated logout request would come to same SAML Microservice where the log-in happened.
2. In this case how would component space know about the user session, if the request is landing on some other SAML Service instance.
3. In our case ASP-SessionID is used by the other resources provider services, not sure how it would work with multiple ASP-sessionid values.

Appreciate any help!!, Thanks in advance!!
By ComponentSpace - 11/27/2019

You're welcome.