ComponentSpace

Forums



Clear SSO Login sessions/data


Clear SSO Login sessions/data

Author
Message
kiransr25
kiransr25
New Member
New Member (2 reputation)New Member (2 reputation)New Member (2 reputation)New Member (2 reputation)New Member (2 reputation)New Member (2 reputation)New Member (2 reputation)New Member (2 reputation)New Member (2 reputation)

Group: Forum Members
Posts: 1, Visits: 12
Hi Team,
   We are using component space SSO for the asp.net web application, The SSO will be initiated from the client with client login URL
and after login, if the user logout from the application we are supposed to show the client login page again but because of SSO cached data the login page won't ask for authentication, and without any credentials, it will automatically logins to the application.

Reference :ComponentSpace.SAML2
Version:4.7

Please refer to the below code,
During Login:
Step 1 : user login using the client login page
step 2:  we receive the request
SAMLServiceProvider.ReceiveSSO(Request, out isInResponseTo, out partnerIdP, out authnContext, out userName, out attributes, out targetUrl);
after SSO , user logins successfully 
step 3: user clicks logout
    Session.Clear();
    Session.Abandon();
    HttpContext.Current.Session.Clear();
    HttpContext.Current.Session.Abandon();
    HttpContext.Current.Application.RemoveAll();
    HttpContext.Current.Items.Clear();
    FormsAuthentication.SignOut();
    HttpContext.Current.Response.Cookies.Clear();
we are trying clear session and cookies.

then redirect to the client login page 

step 4: client login page won't ask for any credentials and it will log in.

So after clicking logout apart from clearing regular sessions, do we need to perform any SSO-related tasks so we can clear all SSO-related data.

Can anyone please help me with this?

Regards,
Kiran sr










ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)

Group: Administrators
Posts: 3.2K, Visits: 11K
Hi Kiran,

In your step 3 you're logging the user out from your SP application but the user remains logged in at the IdP application. The authentication cookie for the IdP still exists. When you initiate SSO again, the IdP won't prompt the user to login as they're already logged in.

SAML logout (SLO) is a protocol that logs the user out from the SPs and IdP. At the end of your step 3 you can call SAMLServiceProvider.InitiateSLO to create and send a SAML Logout request to the IdP. The IdP will log the user out at their end and send you a SAML logout response. You call SAMLServiceProvider.ReceiveSLO to receive and process the logout response.

The ExampleServiceProvider project demonstrates making these calls. The <PartnerIdentityProvider> entry in your saml.config needs to include a SingleLogoutServiceUrl. This is the URL where SAML logout messages are sent to the IdP.

Unfortunately, not all IdPs support SAML logout. You'll need to confirm with the IdP whether they do. If they don't, the only option is to prompt the user to close the browser to clear all cookies. In a shared environment with multiple users using the same machine, closing the browser is a good idea even if SAML logout is employed.

Regards
ComponentSpace Development
GO


Similar Topics


Execution: 0.000. 1 query. Compression Enabled.
Login
Existing Account
Email Address:


Password:


Select a Forum....












Forums, Documentation & Knowledge Base - ComponentSpace


Search