Forums, Documentation & Knowledge Base - ComponentSpace

How can SLO Response URL be set dynamically


https://componentspace.com/forums/Topic11658.aspx

By jhakhu - 7/21/2021

Our application is using SP-initiated SSO. We have 3 different instances which are all using the same Identity provider configuration for authentication. The ACS URL is set programmatically depending on which application is initiating the SSO. That part works fine; the authentication response is correctly sent to the domain based on the AssertionConsumerServiceUrl value.

The part where I am having a problem is for the SLO (Single Logout). When I create a logout request, the response is being sent to the URL in the Identity provider administration configuration setup. I would like to be able to specify the logout response URL by the service provider dynamically, just like the ACS. The response needs to be sent to the instance which initiated the logout request. Is that possible and how can I do that? Would appreciate some help.

I am using HTTPPostBinding.SendRequest to send the authentication request and SingleLogoutService.SendLogoutRequestByHTTPPost to send the logout request to the Identity provider.
Thanks.


 

By ComponentSpace - 7/22/2021

Your understanding is correct. The SAML configuration is only used by the SAML high-level API.

You can set the SAMLConfiguration class programmatically. However, if your configuration is dynamic, we recommend implementing the ISAMLConfigurationResolver interface as described in the Configuration Guide and demonstrated by the ExampleServiceProvider project. This gives you more control of the configuration and you can change it on the fly.

The SingleLogoutServiceResponseUrl is the location where SAML logout responses are sent to the partner IdP. If not specified, SAML logout responses are sent to the SingleLogoutServiceUrl.