What do I do with the saml-session cookie on logout without SLO?


br1003
I've logged into a service provider with an identity provider that does not have single logout configured, so when a user logs out of our service provider, what do I do with the cookie?

Currently, the cookie remains after a logout. SLO is never initiated. Now, after that initial login and logout with the IdP without SLO, another user uses the same browser (never closed) and logs in to the service provider with a different identity provider that HAS SLO configured. When the user logs out, our code will try to set the IdP configuration of what the user logged in as; however, the partnerName that goes into the GetPartnerIdentityProviderConfigurationAsync is that of the first identity provider that was logged in with, so setting the IdP fails.

It's a weird edge case, but what's the right way to handle this? Do I need to just manually delete the saml-session cookie during the logout if SLO is not configured?

Thanks!
ComponentSpace
You shouldn't have to worry about the saml-session cookie.

When the second user completes SSO, the old details in the saml-session cookie will be overwritten with the new SSO details. These will be used during the SLO.

Where are you getting the partnerName from that you're passing into GetPartnerIdentityProviderConfigurationAsync?

It might help if you turn on SAML trace and send the generated log file as an email attachment to [email protected] mentioning your forum post.

https://www.componentspace.com/Forums/7936/Enabling-SAML-Trace

Please capture the first SSO, second SSO and SLO.

Regards
ComponentSpace Development
br1003
ComponentSpace - 11/18/2020
> You shouldn't have to worry about the saml-session cookie.
>
> When the second user completes SSO, the old details in the saml-session cookie will be overwritten with the new SSO details. These will be used during the SLO.
>
> Where are you getting the partnerName from that you're passing into GetPartnerIdentityProviderConfigurationAsync?
>
> It might help if you turn on SAML trace and send the generated log file as an email attachment to [email protected] mentioning your forum post.
>
> https://www.componentspace.com/Forums/7936/Enabling-SAML-Trace
>
> Please capture the first SSO, second SSO and SLO.

I'm calling SetConfigurationIDAsync. I've overridden the resolver GetPartnerIdentityProviderConfigurationAsync(string configurationID, string partnerName) and the partnerName is getting passed in magically. I'm assuming it's coming from whatever is in the session.

I'll get a trace going and send that over.
ComponentSpace
Thanks for the clarification. I'll look at the trace as soon as it arrives.

Regards
ComponentSpace Development