Initiate PingFederate SLO (Log out) from Asp.Net Web Application

Subject: Initiate PingFederate SLO (Log out) from Asp.Net Web Application
Date: 2018-12-24 19:40:41
From: Soo
Source: initiate-pingfederate-slo-log-out-asp-net-web-application
----------------------------------------------------------------------

I have successfully setup a SSO between PingFederate and Asp.net web application. Referring to the sample code once authenticate at Idp(in my case PingFederate) user is redirected to /ConsumerService.aspx page when we intercept the SAML and fetch username to login.

My question is how do i initiate Single-Logout from my web application once user clicks logout or web session times-out. I can surely clean-up the session data and form logout at web application. but i also want my Idp to know that this user session is terminated and PingFederate should also remove the session for this connection for that user.

In case anyone has done any intergration between PingFederate and Asp.Net web app can share how they handle SP-initiated logouts that would be of great help.

Following is the snippet of my LogOut method:


    public ActionResult LogOff()
        {
            // Let the IdP know that the user has logged off
            // We send a LogoutRequest to the IdP
            LogoutRequest logoutRequest = new LogoutRequest();
            logoutRequest.Issuer = new Issuer(HelperUtils.GetAbsoluteUrl(HttpContext, "~/"));
            logoutRequest.NameId = new NameId(HttpContext.User.Identity.Name);

            // Send the logout request to the SP over HTTP redirect.
            string logoutUrl = MvcApplication.SingleLogoutUrl;
            X509Certificate2 x509Certificate = (X509Certificate2)HttpContext.Application[MvcApplication.IdPCertKey];

            FormsAuthentication.SignOut();
            Session.Abandon();
            
            logoutRequest.Redirect(Response, logoutUrl, logoutUrl, x509Certificate.PrivateKey);

            //return null;
        }

Following is the value for MvcApplication.SingleLogoutUrl variable

         MvcApplication.SingleLogoutUrl = "/sp/startSLO.ping";

I have enabled both Idp-initiated SLO and Sp-Intiated-SLO at my Pingfederate connection level.


----------------------------------------------------------------------

Note: This question has been asked on the Q&A forum of Thang Dang's fraudulent ComponentPro brand
If you purchased anything from ComponentPro, you have been scammed. Contact the payment processor
who sold you the license and ask for your money back.

Back to ComponentPro Q&A Forum Index