Removing the Response.Redirect is correct. You can do a redirect and send a SAML logout request in the same HTTP response.
Are you saying you're seeing an HTTP Post with the logout request sent to
https://localhost:3443/samlSP/SAML/SLOService.aspx but no SAML logout response is being returned?
Have you tried setting a breakpoint in /SLOService.aspx to see what happens with the logout request?
Hi,
I managed to solve the issue. Since I still need the Response.redirect, I used an alternative solution to solve it and get the logout response.
Steps:
1. Generate LogoutRequest XML element using ComponentSpace
2. Use HttpWebRequest to send a form data POST request (passing in the URL and the LogoutRequest.OuterXML())
Below is the code:
    using System.IO;
    using System.Net;
    using System.Text;
    using System.Web;

    // Base64Encode() and log() are helper methods defined elsewhere in the poster's project.
    public string postData(string destinationUrl, string requestXml)
    {
        ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
        HttpWebRequest request = (HttpWebRequest)WebRequest.Create(destinationUrl);

        // Build the SAMLRequest form field: base64-encode the XML, then URL-encode it.
        string base64data = Base64Encode(requestXml);
        string postdata = "SAMLRequest=" + HttpUtility.UrlEncode(base64data);
        byte[] bytes = Encoding.ASCII.GetBytes(postdata);

        request.ContentType = "application/x-www-form-urlencoded";
        request.ContentLength = bytes.Length;
        request.Method = "POST";

        // Dispose the request stream so the body is flushed and the connection released.
        using (Stream requestStream = request.GetRequestStream())
        {
            requestStream.Write(bytes, 0, bytes.Length);
        }

        using (HttpWebResponse response = (HttpWebResponse)request.GetResponse())
        {
            log("postData destinationurl: " + destinationUrl + ", statuscode: " + response.StatusCode);
            if (response.StatusCode == HttpStatusCode.OK)
            {
                // The response body carries the LogoutResponse XML written by the service provider.
                using (StreamReader reader = new StreamReader(response.GetResponseStream()))
                {
                    return reader.ReadToEnd();
                }
            }
        }
        return null;
    }
At the SAML2ServiceProvider side, I changed the code at Page_Load to use SingleLogoutService.ReceiveLogoutMessageByHTTPPost instead of SingleLogoutService.ReceiveLogoutMessageByHTTPRedirect.
Then at SendLogoutResponse(), I commented out the usage of SingleLogoutService.SendLogoutResponseByHTTPRedirect and changed it to Response.Write(logoutResponseXml.OuterXml), so that responseStr will be able to get the logout response:
<samlp:LogoutResponse ID="_93b0a02a-f12b-46a3-9e95-5a62184aaee4" Version="2.0" IssueInstant="2020-10-31T06:11:12.469Z" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"><saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
http://localhost:51394/http://localhost:51394/http://localhost:51394/</saml:Issuer><samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></samlp:Status></samlp:LogoutResponse>
Hopefully, this can help other people who have similar issues.
Thanks :)
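Because the approach in the post above reads the LogoutResponse straight from an HTTP response body, the caller has to check it before treating the logout as complete. The following is an added example, not code from the thread or from ComponentSpace: the class name, method name and parameters are hypothetical, it uses only System.Xml, it assumes the service provider sets InResponseTo (the sample response above does not), and it does not verify XML signatures.

```csharp
using System;
using System.IO;
using System.Xml;

public static class LogoutResponseCheck   // hypothetical helper, not part of any SAML library
{
    const string Protocol = "urn:oasis:names:tc:SAML:2.0:protocol";
    const string Assertion = "urn:oasis:names:tc:SAML:2.0:assertion";
    const string Success = "urn:oasis:names:tc:SAML:2.0:status:Success";

    // Returns null when the response is acceptable, otherwise the reason it was rejected.
    public static string Validate(string responseXml, string expectedIssuer, string requestId)
    {
        if (string.IsNullOrEmpty(responseXml)) return "empty response body";

        // XML received over the network: prohibit DTDs and external entity resolution.
        var settings = new XmlReaderSettings { DtdProcessing = DtdProcessing.Prohibit, XmlResolver = null };
        var doc = new XmlDocument { XmlResolver = null, PreserveWhitespace = true };
        try
        {
            using (var reader = XmlReader.Create(new StringReader(responseXml), settings))
                doc.Load(reader);
        }
        catch (XmlException e) { return "not well-formed XML: " + e.Message; }

        XmlElement root = doc.DocumentElement;
        if (root.LocalName != "LogoutResponse" || root.NamespaceURI != Protocol)
            return "root element is not samlp:LogoutResponse";

        var ns = new XmlNamespaceManager(doc.NameTable);
        ns.AddNamespace("samlp", Protocol);
        ns.AddNamespace("saml", Assertion);

        // The issuer must be the service provider the request was sent to.
        XmlNode issuer = root.SelectSingleNode("saml:Issuer", ns);
        if (issuer == null || issuer.InnerText.Trim() != expectedIssuer)
            return "unexpected issuer";

        // InResponseTo ties the response to the LogoutRequest that was actually sent.
        if (root.GetAttribute("InResponseTo") != requestId)
            return "InResponseTo does not match the LogoutRequest ID";

        XmlNode status = root.SelectSingleNode("samlp:Status/samlp:StatusCode/@Value", ns);
        if (status == null || status.Value != Success)
            return "logout not successful: " + (status == null ? "no status" : status.Value);

        return null;
    }
}
```

Pass the string returned by postData as responseXml, together with the service provider's entity ID and the ID attribute of the LogoutRequest that was posted.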