Redirect to different page on SP SLO


eric_08
Hello,
I have an ASP.NET Core application that performs SP functionality where I need to present an error page to the user when an error occurs and perform SLO. I've tried something like this on the error page:

var ssoState = await this.samlServiceProvider.GetStatusAsync();
if (await ssoState.CanSloAsync())
{
    await this.samlServiceProvider.InitiateSloAsync("IdP", "Error");
}
return new EmptyResult();

My SAML controller logout route looks like this:

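[Route("LogOut")]
public async Task<IActionResult> SingleLogoutService()
{
    // Receive either a logout request or a logout response from the IdP.
    var sloResult = await this.samlServiceProvider.ReceiveSloAsync();
    if (sloResult.IsResponse)
    {
        // SP-initiated SLO has completed: redirect to the relay state if one was returned.
        if (!string.IsNullOrEmpty(sloResult.RelayState))
        {
            return LocalRedirect(sloResult.RelayState);
        }
        return RedirectToPage("/Login");
    }
    // IdP-initiated SLO: sign out locally and send the logout response.
    await this.HttpContext.SignOutAsync();
    await this.samlServiceProvider.SendSloAsync();
    return new EmptyResult();
}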

The above code for the "LogOut" route handles the logout request, but there doesn't appear to be a way to determine if this is a standard logout request or a logout request due to an error page request. I thought I could set the reason to something like "Error" when initiating SP logout, but I get an empty reason when the IdP redirects back to the SP.

Is there a way to accomplish what I'm trying to do here?

Thank you in advance.
ComponentSpace
There are a couple of options.

You could set a flag in your application's session state to remember the error status. This assumes you have ASP.NET Core session support enabled for your application.

The other option is to make use of the SAML relay state.

When you call samlServiceProvider.InitiateSloAsync, you can include the relayState parameter. This is an arbitrary, and opaque to the IdP, value that the IdP will return along with the SAML logout response. This could be set to a value indicating the error status.

When you call samlServiceProvider.ReceiveSloAsync, the ISloResult will include the relay state originally sent to the IdP. 

Regards
ComponentSpace Development
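
The relay-state option described in this reply, sketched as an added example (not code from the poster or from ComponentSpace): the error page tags the logout with a short token, and the LogOut route maps the returned token through an allow-list instead of redirecting to whatever comes back. The controller and route names, the /Error and /Login paths and the `ComponentSpace.Saml2` namespace are assumptions; the SAML calls, `ISloResult.RelayState` and the partner name "IdP" are taken from the thread.

```csharp
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using ComponentSpace.Saml2;                 // assumed namespace of ISamlServiceProvider
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Mvc;

[Route("Saml")]
public class SamlController : Controller
{
    // Hypothetical allow-list: relay state carries a token, never a URL.
    private static readonly IReadOnlyDictionary<string, string> PostLogoutPages =
        new Dictionary<string, string>(StringComparer.Ordinal)
        {
            ["error"] = "/Error",   // hypothetical error page
            ["login"] = "/Login",
        };

    private readonly ISamlServiceProvider samlServiceProvider;

    public SamlController(ISamlServiceProvider samlServiceProvider) =>
        this.samlServiceProvider = samlServiceProvider;

    // Called from the error page: sign out locally, then start SP-initiated SLO.
    [Route("ErrorLogOut")]
    public async Task<IActionResult> ErrorLogOut()
    {
        await this.HttpContext.SignOutAsync();
        var ssoState = await this.samlServiceProvider.GetStatusAsync();
        if (!await ssoState.CanSloAsync())
        {
            return LocalRedirect(PostLogoutPages["error"]);
        }
        // The token is opaque to the IdP and is returned with the logout response.
        await this.samlServiceProvider.InitiateSloAsync("IdP", relayState: "error");
        return new EmptyResult();
    }

    [Route("LogOut")]
    public async Task<IActionResult> SingleLogoutService()
    {
        var sloResult = await this.samlServiceProvider.ReceiveSloAsync();
        if (sloResult.IsResponse)
        {
            // Map the returned token; unknown or missing values fall back to /Login.
            var key = sloResult.RelayState ?? string.Empty;
            return LocalRedirect(PostLogoutPages.TryGetValue(key, out var page) ? page : "/Login");
        }
        await this.HttpContext.SignOutAsync();
        await this.samlServiceProvider.SendSloAsync();
        return new EmptyResult();
    }
}
```

Relay state returns via the user's browser, so treat it as untrusted input; the SAML bindings specification also limits it to 80 bytes, which a short token satisfies.
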
eric_08
> ComponentSpace - 8/28/2022
> There are a couple of options.
>
> You could set a flag in your application's session state to remember the error status. This assumes you have ASP.NET Core session support enabled for your application.
>
> The other option is to make use of the SAML relay state.
>
> When you call samlServiceProvider.InitiateSloAsync, you can include the relayState parameter. This is an arbitrary, and opaque to the IdP, value that the IdP will return along with the SAML logout response. This could be set to a value indicating the error status.
>
> When you call samlServiceProvider.ReceiveSloAsync, the ISloResult will include the relay state originally sent to the IdP.

Thank you for a quick reply. I don't have ASP.NET Core sessions enabled, and probably don't want them enabled at this time. I did also try passing the error page URL in the relayState parameter, but that was also coming back as blank. Is relay state something universal that every IdP has to support?
ComponentSpace
IdPs should support relay state as it's part of the SAML specification.

Please enable SAML trace and send the generated log file as an email attachment to [email protected] mentioning your forum post.

https://www.componentspace.com/forums/7936/Enabling-SAML-Trace

We'll take a look to confirm everything looks ok on the SP side.
 

Regards
ComponentSpace Development
eric_08
> ComponentSpace - 8/29/2022
> IdPs should support relay state as it's part of the SAML specification.
>
> Please enable SAML trace and send the generated log file as an email attachment to [email protected] mentioning your forum post.
>
> https://www.componentspace.com/forums/7936/Enabling-SAML-Trace
>
> We'll take a look to confirm everything looks ok on the SP side.

Got this resolved. It turned out that the IdP was not doing a standard SLO sequence, so this isn't an issue at all.

Thanks for your help.
ComponentSpace
You're welcome.

Regards
ComponentSpace Development