We are having an issue with SLO. The ComponentSpace.SAML2.dll we are using is version 2.4.0.11, which we purchased a few years ago. When I looked at the developer guide online
http://www.componentspace.com/Documentation/SAML%20v2.0%20Developer%20Guide.pdf, it is showing the following example for idP-Initiated SLO:
5.1.4 SAMLIdentityProvider.InitiateSLO — The InitiateSLO method sends a logout request to each service provider in session as part of IdP-initiated SLO. For example: SAMLIdentityProvider.InitiateSLO(Response, null); ...
However, in the library we are using, I couldn't find SAMLIdentityProvider.InitiateSLO. I can only find SingleLogoutService.SendLogoutRequestByHTTPPost. So we implemented SLO using SingleLogoutService, but it doesn't work correctly. The request doesn't get posted at all, and no error appears in the log file either. Below is the C# code we are using to implement SLO.
/// <summary>
/// Builds and sends an IdP-initiated SAML LogoutRequest for one session.
/// </summary>
/// <param name="sessionId">Session index carried in the LogoutRequest.</param>
/// <remarks>
/// SP and IdP metadata locations come from the <c>SPMetadata</c> / <c>IDPMetadata</c>
/// format strings combined with <c>env</c>; all three are declared elsewhere in the class.
/// </remarks>
public void SendSAMLSLORequest(string sessionId)
{
    // SP metadata supplies the single-logout endpoint the request is sent to.
    var serviceProviderMetadata = new MetadataReader(string.Format(SPMetadata, env));
    serviceProviderMetadata.Process();

    // IdP metadata supplies the issuer entity ID and the signing certificate.
    var identityProviderMetadata = new MetadataReader(string.Format(IDPMetadata, env));
    identityProviderMetadata.Process();

    var logoutRequest = CreateSAMLRequest(serviceProviderMetadata, identityProviderMetadata, sessionId);
    SendSAMLRequest(logoutRequest, serviceProviderMetadata, identityProviderMetadata, sessionId);
}
/// <summary>
/// Builds a SAML <see cref="LogoutRequest"/> addressed to the SP's single-logout
/// endpoint, issued by this IdP, carrying a single session index.
/// </summary>
/// <param name="spReader">Parsed SP metadata; supplies the request Destination.</param>
/// <param name="idpReader">Parsed IdP metadata; supplies the Issuer entity ID.</param>
/// <param name="sessionIndex">Session index added to <c>SessionIndexes</c>.</param>
/// <returns>
/// The populated request. NOTE(review): if any assignment in the try block throws,
/// the catch swallows it and the partially populated <c>result</c> is still returned
/// (unless the elided catch body rethrows), so the caller goes on to sign and post an
/// incomplete request — a likely cause of "nothing posted, nothing logged" if the
/// catch does not log.
/// </returns>
private LogoutRequest CreateSAMLRequest(MetadataReader spReader, MetadataReader idpReader, string sessionIndex)
{
LogoutRequest result = new LogoutRequest();
try
{
// Subject being logged out; `client` is declared elsewhere in the class.
result.NameID = new NameID(client.OpaqueId);
result.Destination = spReader.SingleLogOutServiceUrl;
result.Issuer = new Issuer(idpReader.EntityId);
result.IssueInstant = DateTime.UtcNow;
// Fixed 10-minute validity window for the request.
result.NotOnOrAfter = DateTime.UtcNow.AddMinutes(10);
result.Reason = "IDP Logout";
result.SessionIndexes = new List<SessionIndex>();
SessionIndex session = new SessionIndex(sessionIndex);
result.SessionIndexes.Add(session);
}
catch (Exception ex)
{
// Catch body elided in the post; whatever it does, `result` is returned below.
…
}
return result;
}
/// <summary>
/// Serialises the LogoutRequest to XML, signs it with the IdP signing key and
/// sends it to the SP's single-logout endpoint over the HTTP-POST binding.
/// </summary>
/// <param name="samlSLORequest">Request built by <see cref="CreateSAMLRequest"/>.</param>
/// <param name="spReader">Parsed SP metadata; supplies the single-logout endpoint URL.</param>
/// <param name="idpReader">Parsed IdP metadata; supplies the signing certificate.</param>
/// <param name="sessionIndex">Not used by the visible code; the elided branches may use it.</param>
/// <remarks>
/// NOTE(review): the request is signed and posted only when the IdP certificate
/// carries a private key; the else branch is elided here. If that branch does not
/// log, a certificate loaded without its private key would produce exactly the
/// observed symptom (no request posted, no error in the log) — worth confirming.
/// </remarks>
private void SendSAMLRequest(LogoutRequest samlSLORequest, MetadataReader spReader, MetadataReader idpReader, string sessionIndex)
{
XmlElement samlRequestXml = samlSLORequest.ToXml();
// Sign (and send) only when the IdP signing certificate has a private key.
if (idpReader.SigningCert != null && idpReader.SigningCert.PrivateKey != null)
{
// Signs the request XML with the IdP private key, embedding the certificate.
SAMLMessageSignature.Generate(samlRequestXml, idpReader.SigningCert.PrivateKey, idpReader.SigningCert);
// Posts the signed request to the SP; the last argument is presumably the relay state (null here) — confirm against the API docs.
SingleLogoutService.SendLogoutRequestByHTTPPost(Response, spReader.SingleLogOutServiceUrl, samlRequestXml, null);
...
}
else
{
// No private key available: body elided in the post.
…
}
}
Does anyone have any idea what is wrong with our SLO implementation? How can we use SAMLIdentityProvider.InitiateSLO? Do we need to upgrade our library?
thanks in advance!