Subject: IdP Initiated Single-Logout Service
Date: 2016-09-15 18:14:17
From: Joe Huddleston
Source: idp-initiated-single-logout-service
----------------------------------------------------------------------

I am having some trouble sending the logoutRequest to my service provider(s). The problem is in the Sub IdPLogoutResponse, last line.

My comment above that line reads, "If I comment out the below line, the SP logout request will send and logout. With the line in, the SP logout request is never sent."

The line in question reads, "logoutResponse.Redirect(Response, logoutUrl, logoutRequest.RelayState, x509Certificate.PrivateKey)"

As I wrote, if I comment out the line, I can send one successful logoutRequest.redirect. I am certain that if I had more, only the last one would send. The redirect appears to cancel everything above (which makes sense), but I am not sure how to work around it, and I certainly do not want to stay on my SP's logout request page (which is blank).

[code lang='vb']
Private Sub Page_Load(sender As Object, e As EventArgs) Handles Me.Load

    Try
        'check if user is logged in. decrypt pin here so it is not decrypted at each sp logout.
        If myClass.getPin(Pin:=pin) = False Then Throw New ApplicationException("Error decrypting pin")
        If pin = "" Then Throw New ApplicationException("User is not logged in.")

        If Request.QueryString("SAMLRequest") Is Nothing And
           Request.QueryString("SAMLResponse") Is Nothing Then

            IdpLogoutRequest()

        Else
            IdPLogoutResponse()

            'expire the cookie
            myClass.CookieHandler.expirePin()

        End If

    Catch ex As ApplicationException
        Response.Write(ex.Message)
    Catch ex As Exception
        SamlTrace.Log(LogLevel.Info, "IdP - Error in single logout service", ex)
    End Try

End Sub

''' <summary>
''' Build logout request and send to Idp provider.
''' </summary>
Private Sub IdpLogoutRequest()
    Try
        'create a logout request.
        Dim logoutRequest As New LogoutRequest()
        logoutRequest.Issuer = New Issuer(SamlUtil.GetAbsoluteUrl(Me, "~/"))
        logoutRequest.NameId = New NameId(pin)

        Dim logoutUrl As String = SamlUtil.GetAbsoluteUrl(Me, "~/sloService.aspx")
        Dim x509Certificate As X509Certificate2 = CType(Application([Global].CertKeyName), X509Certificate2)

        'send the logout request to the service provider over HTTP redirect.
        logoutRequest.Redirect(Response, logoutUrl, Nothing, x509Certificate.PrivateKey)

    Catch ex As Exception
        SamlTrace.Log(LogLevel.Info, String.Format("An Error occurred: {0}", ex))

    End Try
End Sub

Private Sub IdPLogoutResponse()
    Dim x509Certificate As X509Certificate2 = CType(Application([Global].CertKeyName), X509Certificate2)
    Dim logoutRequest As LogoutRequest = LogoutRequest.CreateFromHttpRedirect(Request, x509Certificate.PublicKey.Key)

    ' request logout from service providers
    SPLogoutRequests()

    ' Create a logout response
    Dim logoutResponse As New LogoutResponse()
    logoutResponse.Issuer = New Issuer(SamlUtil.GetAbsoluteUrl(Me, "~/"))

    ' Send the logout response over HTTP redirect.
    Dim logoutUrl As String = SamlUtil.GetAbsoluteUrl(Me, "~/sloService.aspx")
    '*** If I comment out the below line, the SP logout request will send and logout. With the line in, the SP logout request is never sent
    logoutResponse.Redirect(Response, logoutUrl, logoutRequest.RelayState, x509Certificate.PrivateKey)
End Sub

Private Sub SPLogoutRequests()
    Try
        '*** FUTURE LOOP: Eventually this will loop through all service providers
        'create a logout request.
        Dim logoutRequest As New LogoutRequest()
        logoutRequest.Issuer = New Issuer(SamlUtil.GetAbsoluteUrl(Me, "~/"))
        logoutRequest.NameId = New NameId(pin)

        Dim logoutUrl As String = ServiceLogoutUrl 'Eventually this will be defined when looping through service providers.
        Dim x509Certificate As X509Certificate2 = CType(Application([Global].CertKeyName), X509Certificate2)

        'send the logout request to the service provider over HTTP redirect.
        logoutRequest.Redirect(Response, logoutUrl, Nothing, x509Certificate.PrivateKey)
        '*** FUTURE END LOOP
    Catch ex As Exception
        SamlTrace.Log(LogLevel.Info, String.Format("An Error occurred: {0}", ex))

    End Try
End Sub
[/code]
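An HTTP response can carry only one redirect, so front-channel single logout has to be spread over several round trips: one LogoutRequest per hit, with the final LogoutResponse sent only after the last service provider has answered. The following is an added example, not part of the original post and not ComponentPro code; `SloState`, `SloStep`, `SloSequencer` and `NextStep` are hypothetical names, the endpoints are constructed, and it assumes the state object is kept in server-side session state and that each SP's LogoutResponse is matched to the request in flight by its InResponseTo value.

```vb
Imports System
Imports System.Collections.Generic

' Per-user logout progress; kept in server-side session state (assumption).
Public Class SloState
    Public ReadOnly PendingSpUrls As New Queue(Of String)()
    Public ReturnUrl As String          ' where the final LogoutResponse goes
    Public AwaitingId As String         ' ID of the LogoutRequest in flight
End Class

Public Class SloStep
    Public SendRequest As Boolean       ' True: LogoutRequest, False: final LogoutResponse
    Public TargetUrl As String
    Public RequestId As String
End Class

Public Module SloSequencer
    ' Called once per hit on the SLO endpoint. inResponseTo is Nothing on the
    ' first hit and the InResponseTo value of the SP's LogoutResponse afterwards.
    Public Function NextStep(state As SloState, inResponseTo As String) As SloStep
        ' Refuse to advance on a response that does not answer our last request.
        If state.AwaitingId IsNot Nothing AndAlso
           Not String.Equals(state.AwaitingId, inResponseTo, StringComparison.Ordinal) Then
            Throw New InvalidOperationException("LogoutResponse does not match the request in flight")
        End If
        If state.PendingSpUrls.Count = 0 Then
            state.AwaitingId = Nothing
            Return New SloStep With {.SendRequest = False, .TargetUrl = state.ReturnUrl}
        End If
        state.AwaitingId = "_" & Guid.NewGuid().ToString("N")
        Return New SloStep With {.SendRequest = True, .RequestId = state.AwaitingId,
                                 .TargetUrl = state.PendingSpUrls.Dequeue()}
    End Function

    Public Sub Main()
        ' Constructed sample endpoints.
        Dim state As New SloState With {.ReturnUrl = "https://idp.example/sloService.aspx"}
        state.PendingSpUrls.Enqueue("https://sp1.example/slo")
        state.PendingSpUrls.Enqueue("https://sp2.example/slo")
        Dim lastId As String = Nothing
        For hit As Integer = 1 To 3     ' three HTTP round trips, one redirect each
            Dim s As SloStep = NextStep(state, lastId)
            Console.WriteLine("hit {0}: {1} -> {2}", hit,
                              If(s.SendRequest, "LogoutRequest", "LogoutResponse"), s.TargetUrl)
            lastId = s.RequestId
        Next
    End Sub
End Module
```

In a page handler, the single redirect issued per hit would go to `TargetUrl`, and each SP would need to return its LogoutResponse to the same SLO endpoint so the next step can run.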

 

----------------------------------------------------------------------
Note: This question has been asked on the Q&A forum of Thang Dang's fraudulent ComponentPro brand. If you purchased anything from ComponentPro, you have been scammed. Contact the payment processor who sold you the license and ask for your money back.