Not HTTP POST Method in SingleLogOut Request

Question

Not HTTP POST Method in SingleLogOut Request

89 views Asked by Emilio Caballero At 24 November 2024 at 08:07

I took this sample test SP code from ItFoxTec and perform a SingleLogout from this controller:

[Route("SingleLogout")]
public async Task<IActionResult> SingleLogout()
{
    Saml2StatusCodes status;
    var requestBinding = new Saml2PostBinding();
    var logoutRequest = new Saml2LogoutRequest(config, User);
    try
    {
        requestBinding.Unbind(Request.ToGenericHttpRequest(), logoutRequest);
        status = Saml2StatusCodes.Success;
        await logoutRequest.DeleteSession(HttpContext);
    }
    catch (Exception exc)
    {
        // log exception
        Debug.WriteLine("SingleLogout error: " + exc);
        status = Saml2StatusCodes.RequestDenied;
    }

    var responsebinding = new Saml2PostBinding();
    responsebinding.RelayState = requestBinding.RelayState;
    var saml2LogoutResponse = new Saml2LogoutResponse(config)
    {
        InResponseToAsString = logoutRequest.IdAsString,
        Status = status
    };
    return responsebinding.Bind(saml2LogoutResponse).ToActionResult();
}

As I hit this endpoint, I get this message from ITfoxtec.Identity.Saml2.InvalidSaml2BindingException

Not HTTP POST Method

It appears that IdP produces a GET Request, I don't know if there are some misconfiguration. Actually, it seems like this:

services.Configure<Saml2Configuration>(saml2Configuration =>
            {
                
                saml2Configuration.Issuer = saml2Configuration.Issuer;
                saml2Configuration.AllowedAudienceUris.Add(saml2Configuration.Issuer);
                var entityDescriptor = new EntityDescriptor();
                var httpClientFactory = services.BuildServiceProvider().GetService<IHttpClientFactory>();
                entityDescriptor.ReadIdPSsoDescriptorFromUrl(new Uri(federationMetadata));
                if (entityDescriptor.IdPSsoDescriptor == null)
                    throw new InvalidOperationException("Error loading federation metadata.");
                saml2Configuration.SingleSignOnDestination = entityDescriptor.IdPSsoDescriptor.SingleSignOnServices.First().Location;
                saml2Configuration.SingleLogoutDestination = entityDescriptor.IdPSsoDescriptor.SingleLogoutServices.First().Location;
                saml2Configuration.SignatureValidationCertificates.AddRange(entityDescriptor.IdPSsoDescriptor.SigningCertificates);
                

            });

Original Q&A

There are 1 answers

**Anders Revsgaard** · Accepted Answer · 2023-10-13 12:55:53

Anders Revsgaard On 13 October 2023 at 12:55 BEST ANSWER

It is possible to do logout with both Saml2PostBinding (POST) and Saml2RedirectBinding (GET) binding.

To accept a get request you need to change Saml2PostBinding to Saml2RedirectBinding.

TechQA.

Not HTTP POST Method in SingleLogOut Request

There are 1 answers

Related Questions in C#

Related Questions in SAML

Related Questions in ITFOXTEC-IDENTITY-SAML2

Related Questions in SINGLE-LOGOUT

Popular Questions

Popular Tags

Trending Questions