I am using the library ITfoxtec Identity SAML 2.0 to implement SAML 2.0 with an ASP.Net 4.6 MVC App and a 3rd party IdP that only supports http-redirect single logout. I am able to login, but I can’t get the single logout to work. The sample only use http-post to logout. Is there any sample code that is publicly available that shows how to implement a single logout using http-redirect?
Thanking you in advance for your help!
Answers:
Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.
Method 1
Logout with redirect binding can be supported with small changes by changing the binding class Saml2PostBinding to Saml2RedirectBinding. The following is based on the ITfoxtec Identity SAML 2.0 documentation.
Logout method in the Auth Controller
[HttpPost("Logout")]
[ValidateAntiForgeryToken]
public async Task<IActionResult> Logout()
{
if (!User.Identity.IsAuthenticated)
{
return Redirect(Url.Content("~/"));
}
var binding = new Saml2RedirectBinding();
var saml2LogoutRequest = await new Saml2LogoutRequest(config, User).DeleteSession(HttpContext);
return binding.Bind(saml2LogoutRequest).ToActionResult();
}
LoggedOut method in the Auth Controller
After successfully or failing logout the logged out method receive the response.
[Route("LoggedOut")]
public IActionResult LoggedOut()
{
var binding = new Saml2RedirectBinding();
binding.Unbind(Request.ToGenericHttpRequest(), new Saml2LogoutResponse(config));
return Redirect(Url.Content("~/"));
}
SingleLogout method in the Auth Controller
Receives a Single Logout request and send a response.
[Route("SingleLogout")]
public async Task<IActionResult> SingleLogout()
{
Saml2StatusCodes status;
var requestBinding = new Saml2RedirectBinding();
var logoutRequest = new Saml2LogoutRequest(config, User);
try
{
requestBinding.Unbind(Request.ToGenericHttpRequest(), logoutRequest);
status = Saml2StatusCodes.Success;
await logoutRequest.DeleteSession(HttpContext);
}
catch (Exception exc)
{
// log exception
Debug.WriteLine("SingleLogout error: " + exc.ToString());
status = Saml2StatusCodes.RequestDenied;
}
var responsebinding = new Saml2RedirectBinding();
responsebinding.RelayState = requestBinding.RelayState;
var saml2LogoutResponse = new Saml2LogoutResponse(config)
{
InResponseToAsString = logoutRequest.IdAsString,
Status = status,
};
return responsebinding.Bind(saml2LogoutResponse).ToActionResult();
}
All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0