I have SSO set up and working in my app, but am trying to get SLO to function. What is required to implement SLO in an app? I have it set up in my IdP.
Here is the configuration from my Program.cs file. Am I missing anything here? Do we need any other setup in order for SLO to function correctly? Using this setup, the IdP tries to initiate a single logout when we use the logout controller action, but it does not actually sign us out of the IdP (Okta in our case).
```csharp
using ITfoxtec.Identity.Saml2;
using ITfoxtec.Identity.Saml2.Schemas.Metadata;

var builder = WebApplication.CreateBuilder(args);

builder.Services.Configure<Saml2Configuration>(builder.Configuration.GetSection("Saml2"));
builder.Services.Configure<Saml2Configuration>(saml2Configuration =>
{
    saml2Configuration.AllowedAudienceUris.Add(saml2Configuration.Issuer);

    // Load the IdP's SSO/SLO endpoints and signing certificates from its metadata file.
    var entityDescriptor = new EntityDescriptor();
    entityDescriptor.ReadIdPSsoDescriptorFromFile(builder.Configuration.GetSection("Saml2")["IDPMetadataFile"]);
    if (entityDescriptor.IdPSsoDescriptor != null)
    {
        saml2Configuration.SingleSignOnDestination = entityDescriptor.IdPSsoDescriptor.SingleSignOnServices.First().Location;
        saml2Configuration.SingleLogoutDestination = entityDescriptor.IdPSsoDescriptor.SingleLogoutServices.First().Location;

        // Only trust IdP signing certificates that are currently valid. (The original code also
        // called AddRange(...) on the full certificate list before this loop, which would trust
        // expired certificates and make the Count check below meaningless.)
        foreach (var signingCertificate in entityDescriptor.IdPSsoDescriptor.SigningCertificates)
        {
            if (signingCertificate.IsValidLocalTime())
            {
                saml2Configuration.SignatureValidationCertificates.Add(signingCertificate);
            }
        }
        if (saml2Configuration.SignatureValidationCertificates.Count <= 0)
        {
            throw new Exception("The IdP signing certificates have expired.");
        }
    }
    else
    {
        throw new Exception("IdPSsoDescriptor not loaded from metadata.");
    }
});
```
You probably need to configure Okta to do logout and single logout.

- Select "SLO initiation". The "Response URL" should be `https://localhost:xxxx/Auth/LoggedOut`. It is used if logout is initiated by the RP (RP-initiated logout).
- Select "SLO participation" to enable IdP-initiated logout. The "Request URL" should be `https://localhost:xxxx/Auth/SingleLogout`. It is used if logout is initiated by the IdP (IdP-initiated logout).
- Use "HTTP POST" in logout request.
- Select "Include user session details".
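The two Okta URLs above point at endpoints the RP itself has to expose. As an added illustration (not code from the question, the answer or the ITfoxtec project), here is a minimal `AuthController` in the style of the ITfoxtec.Identity.Saml2 MvcCore sample: `Logout` starts RP-initiated logout, `LoggedOut` receives the IdP's LogoutResponse (Okta's "Response URL"), and `SingleLogout` receives an IdP-initiated LogoutRequest (Okta's "Request URL"), validates its signature against the configured IdP certificates, clears the local session and answers with a signed LogoutResponse. The route names and the `DeleteSession`, `ToGenericHttpRequest` and `ToActionResult` helpers are assumed from the library's MvcCore package.

```csharp
using ITfoxtec.Identity.Saml2;
using ITfoxtec.Identity.Saml2.Schemas;
using ITfoxtec.Identity.Saml2.MvcCore;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Options;

[Route("Auth")]
public class AuthController : Controller
{
    private readonly Saml2Configuration config;
    public AuthController(IOptions<Saml2Configuration> configAccessor) => config = configAccessor.Value;

    // RP-initiated logout: drop the local session, then POST a signed LogoutRequest to the IdP.
    [HttpPost("Logout")]
    public async Task<IActionResult> Logout()
    {
        if (!User.Identity.IsAuthenticated) return Redirect(Url.Content("~/"));
        var logoutRequest = await new Saml2LogoutRequest(config, User).DeleteSession(HttpContext);
        return new Saml2PostBinding().Bind(logoutRequest).ToActionResult();
    }

    // Okta "Response URL": the IdP posts its LogoutResponse here after RP-initiated logout.
    [Route("LoggedOut")]
    public IActionResult LoggedOut()
    {
        // Unbind validates the IdP signature against SignatureValidationCertificates.
        new Saml2PostBinding().Unbind(Request.ToGenericHttpRequest(), new Saml2LogoutResponse(config));
        return Redirect(Url.Content("~/"));
    }

    // Okta "Request URL": IdP-initiated logout posts a LogoutRequest here.
    [Route("SingleLogout")]
    public async Task<IActionResult> SingleLogout()
    {
        var requestBinding = new Saml2PostBinding();
        var logoutRequest = new Saml2LogoutRequest(config, User);
        Saml2StatusCodes status;
        try
        {
            // Unbind rejects unsigned or wrongly signed requests; only then is the local session dropped.
            requestBinding.Unbind(Request.ToGenericHttpRequest(), logoutRequest);
            await logoutRequest.DeleteSession(HttpContext);
            status = Saml2StatusCodes.Success;
        }
        catch (Exception) { status = Saml2StatusCodes.RequestDenied; }

        var response = new Saml2LogoutResponse(config) { InResponseToAsString = logoutRequest.IdAsString, Status = status };
        var responseBinding = new Saml2PostBinding { RelayState = requestBinding.RelayState };
        return responseBinding.Bind(response).ToActionResult();
    }
}
```

Because Okta is configured for HTTP POST, both receiving actions use `Saml2PostBinding`; the `SingleLogoutServices.First()` selection in Program.cs must pick the matching POST endpoint from the IdP metadata, otherwise the IdP and RP disagree on the binding and the logout exchange fails.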