Thanks for pointing this out. I'll see that the Developer Guide is updated.

The SAMLServiceProvider class includes the following InitiateSLO overloads.

public static void InitiateSLO(HttpResponse httpResponse, string logoutReason, string relayState)
public static void InitiateSLO(HttpResponse httpResponse, string logoutReason, string relayState, string partnerIdP)

The relayState parameter was added. This allows relay state to be included with the logout request.

As per the SAML specification, the logout request will include the Name ID and session index. This should be sufficient for the IdP to identify and log out the user.

Just to clarify, does it work like this:

Receive AuthNResponse

SAMLServiceProvider.ReceiveSSO(Request, out isInResponseTo, out partnerIdP, out authnContext, out userName, out attributes, out targetUrl);

Does the "username" correspond to the NameID?

Then authentication is marked successful

FormsAuthentication.SetAuthCookie(userName, false);

What happens if, after this is done, I replace username with a different attribute (such as email)? Then recall:

FormsAuthentication.SetAuthCookie(userName, false);

Then the user signs out. Does

SAMLServiceProvider.InitiateSLO(Response, null, null, partnerIdP);

send the NameId from the session still, or is it pulling from the cookie username variable?

Thx again!
josh