Forums, Documentation & Knowledge Base - ComponentSpace

SP/IDP initiated single logout behavior


https://componentspace.com/forums/Topic10844.aspx

By br1003 - 4/29/2020

I have a service provider and I'm implementing single logout and testing it with the ExampleIdentityProvider.

I have two questions.

When I log out of the identity provider and the identity provider does not have a single logout URL configured, is it OK to not call _samlServiceProvider.SendSloAsync()? We wanted to use the fact that a single logout URL was not configured to tell us that the identity provider does not want us to log them out when users log out of the service provider system. Is that terrible?

Next question is about SP initiated logout. I'm calling _samlServiceProvider.InitiateSloAsync(); in the middle of a logout method. I'd like the logout method to finish and just go to the sign out page, but as soon as I get a response from the IdP that they received the request, the browser wants to go to the SingleLogout URL on the SP. I can't return an empty result from that method because I just get a blank page. I don't really have a relay state to send and besides, it happens in the middle of the logout method I called originally. Maybe I don't understand the inner workings of the way Microsoft handles these or why the redirect needs to happen. Is there a way to just initiate the single logout and make it more of a fire and forget kind of deal? I kinda don't care if the IdP sends me back a response. Does the browser need to make all these calls?

Thanks!

Also it's been a great library to work with!

By ComponentSpace - 6/6/2020

Thanks. I'll reply to your email.