I'm working on an ASP.NET MVC application that uses the Sustainsys.Saml2.Owin library for SAML 2.0 Single Sign-On (SSO) with Salesforce as the Identity Provider (IdP). SSO is working fine, but now I want to implement Single Logout (SLO) so that when a user logs out of my application, they are also logged out of Salesforce. How do I implement SLO in ASP.NET MVC? The following is how I implemented Saml2-based SSO.
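public class Startup
{
    /// <summary>
    /// OWIN pipeline setup: cookie authentication holds the local session and the
    /// Sustainsys.Saml2 middleware performs the SAML exchange with the IdP.
    /// </summary>
    /// <param name="app">The OWIN application builder.</param>
    public void Configuration(IAppBuilder app)
    {
        // NOTE(review): the default sign-in type registered here is
        // CookieAuthenticationDefaults.AuthenticationType ("ApplicationCookie"), while the
        // cookie middleware below is registered as "Saml2" — the same value the Saml2
        // middleware uses (see CreateSaml2Options). Confirm this is intended: a later
        // SignOut("Saml2") will then address both middlewares at once.
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = "Saml2",
            // Chunked cookies: presumably chosen because the SAML identity (with its
            // session claims) can exceed a single cookie's size limit — verify.
            CookieManager = new Microsoft.Owin.Host.SystemWeb.SystemWebChunkingCookieManager(),
            SlidingExpiration = true,
            // Parsed with the invariant culture so "30.5" means the same on every server.
            ExpireTimeSpan = TimeSpan.FromMinutes(GetRequiredDouble("sessionTime"))
        });
        app.UseSaml2Authentication(CreateSaml2Options());
    }

    /// <summary>
    /// Builds the Saml2 middleware options from appSettings. The <c>false</c> constructor
    /// argument skips loading the web.config sustainsys.saml2 section (confirm against the
    /// library version in use).
    /// </summary>
    /// <returns>Options with one identity provider registered.</returns>
    private Saml2AuthenticationOptions CreateSaml2Options()
    {
        var saml2Options = new Saml2AuthenticationOptions(false)
        {
            SPOptions = new SPOptions
            {
                EntityId = new EntityId(GetRequiredSetting("EntityId")),
                ReturnUrl = new Uri(GetRequiredSetting("ReturnUrl")),
                // NOTE(review): no SP signing certificate (ServiceCertificates) is set.
                // Sustainsys signs outgoing LogoutRequests, so single logout needs one
                // here; without it the library can only clear the local session —
                // verify against the Sustainsys.Saml2 documentation.
            },
        };

        saml2Options.IdentityProviders.Add(
            new IdentityProvider(new EntityId(GetRequiredSetting("IssuerUrl")), saml2Options.SPOptions)
            {
                // With LoadMetadata the endpoints (including the IdP's SingleLogoutService,
                // which SLO relies on) and signing keys come from the metadata document;
                // the explicit SingleSignOnServiceUrl is presumably overridden by it —
                // verify, and keep only one source of truth.
                LoadMetadata = true,
                SingleSignOnServiceUrl = new Uri(GetRequiredSetting("SingleSignOnServiceUrl")),
                MetadataLocation = GetRequiredSetting("MetadataLocation"),
                // Accepts IdP-initiated responses, which cannot be tied to an outstanding
                // request from this SP. Keep it only if Salesforce-initiated login is
                // actually required.
                AllowUnsolicitedAuthnResponse = true,
            });

        saml2Options.AuthenticationType = "Saml2";
        return saml2Options;
    }

    /// <summary>
    /// Reads a mandatory appSettings value, failing with the key name instead of a
    /// NullReferenceException when the key is missing or blank.
    /// </summary>
    /// <param name="key">The appSettings key.</param>
    /// <returns>The non-empty setting value.</returns>
    /// <exception cref="InvalidOperationException">The key is absent or whitespace.</exception>
    private static string GetRequiredSetting(string key)
    {
        var value = ConfigurationManager.AppSettings[key];
        if (string.IsNullOrWhiteSpace(value))
        {
            throw new InvalidOperationException(
                string.Format(CultureInfo.InvariantCulture, "Missing required appSettings value '{0}'.", key));
        }
        return value;
    }

    /// <summary>
    /// Reads a mandatory numeric appSettings value using the invariant culture.
    /// </summary>
    /// <param name="key">The appSettings key.</param>
    /// <returns>The parsed value.</returns>
    /// <exception cref="InvalidOperationException">The key is absent or not a number.</exception>
    private static double GetRequiredDouble(string key)
    {
        var raw = GetRequiredSetting(key);
        double value;
        if (!double.TryParse(raw, NumberStyles.Float, CultureInfo.InvariantCulture, out value))
        {
            throw new InvalidOperationException(
                string.Format(CultureInfo.InvariantCulture, "appSettings value '{0}' is not a number: '{1}'.", key, raw));
        }
        return value;
    }
}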