Saml2 Single Logout (SingleLogoutServiceResponseUrl) with Sustainsys and Identity Server 4

Time: 2018-03-22 23:45:11

Tags: asp.net-core-mvc saml-2.0 identityserver4 sustainsys-saml2

I am using Sustainsys Saml2 with Identity Server 4. A customer has asked me if we support SAML Single Logout.

They have asked for:

  1. Single Logout Request URL
  2. Single Logout Response URL

From what I can see this is probably supported by Sustainsys given the following properties exist.

    var idp = new Sustainsys.Saml2.IdentityProvider(new EntityId("https://sso.acme.com"), opt.SPOptions)
    {
        MetadataLocation = "/metadata/sso-meta.xml",
        LoadMetadata = true,
        AllowUnsolicitedAuthnResponse = true,
        SingleLogoutServiceResponseUrl = "INSERT",
        SingleLogoutServiceBinding = Saml2BindingType.HttpRedirect
    };

I have two questions:

  1. I can only see one property which matches their request - the SingleLogoutServiceResponseUrl (I don't see a property for the SingleLogoutServiceRequestUrl). How do I configure the Single logout request Url?
  2. How do I determine what the values are for these URLs?

Thanks

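1 answer:

Answer 0: (score: 2)

  1. Outbound logout requests are sent to the SingleLogoutUrl configured on the Idp. The SingleLogoutResponseUrl is a special one: it is only used if responses should be sent to a different endpoint on the Idp than requests. Normally they are the same, and if SingleLogoutResponseUrl is not set, the SingleLogoutUrl is used for both responses and requests.
  2. Ask the Idp people.
  3. An additional note: you are loading metadata. Then everything should already be in the metadata, and you can shorten your code to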

    var idp = new Sustainsys.Saml2.IdentityProvider(new EntityId("https://sso.acme.com"), opt.SPOptions)
    {
        MetadataLocation = "/metadata/sso-meta.xml",
        AllowUnsolicitedAuthnResponse = true,
    };
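
In SAML 2.0 metadata, each SingleLogoutService element of the IdP carries a Location (where logout requests go) and an optional ResponseLocation (where logout responses go, falling back to Location when absent), which is the same fallback the answer describes. The following is an added example, not code from the original post or from Sustainsys: it reads a constructed metadata document with placeholder URLs using only .NET's XML APIs and lists both values per binding.

```csharp
using System;
using System.IO;
using System.Xml;
using System.Xml.Linq;

static class SloEndpoints
{
    static readonly XNamespace Md = "urn:oasis:names:tc:SAML:2.0:metadata";

    // Constructed sample metadata; the URLs are placeholders, not real endpoints.
    const string SampleMetadata = @"<EntityDescriptor xmlns='urn:oasis:names:tc:SAML:2.0:metadata' entityID='https://sso.acme.com'>
  <IDPSSODescriptor protocolSupportEnumeration='urn:oasis:names:tc:SAML:2.0:protocol'>
    <SingleLogoutService Binding='urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect'
        Location='https://sso.acme.com/slo' />
    <SingleLogoutService Binding='urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST'
        Location='https://sso.acme.com/slo' ResponseLocation='https://sso.acme.com/slo-response' />
  </IDPSSODescriptor>
</EntityDescriptor>";

    static void Main()
    {
        // Metadata is externally supplied input: refuse DTDs and external entities.
        var settings = new XmlReaderSettings
        {
            DtdProcessing = DtdProcessing.Prohibit,
            XmlResolver = null
        };
        using var reader = XmlReader.Create(new StringReader(SampleMetadata), settings);
        var doc = XDocument.Load(reader);

        foreach (var slo in doc.Descendants(Md + "IDPSSODescriptor")
                               .Elements(Md + "SingleLogoutService"))
        {
            var binding = (string)slo.Attribute("Binding");
            var requestUrl = (string)slo.Attribute("Location");
            // ResponseLocation is optional; when absent, responses go to Location.
            var responseUrl = (string)slo.Attribute("ResponseLocation") ?? requestUrl;

            Console.WriteLine(binding);
            Console.WriteLine($"  logout request URL:  {requestUrl}");
            Console.WriteLine($"  logout response URL: {responseUrl}");
        }
    }
}
```

Running the same loop over the file behind MetadataLocation shows whether the IdP publishes a separate response endpoint at all, and for which binding.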