generate-saml-logout-request

Definition
  • This operation generates a SAML logout request to be sent to an IdP that supports Global Logout, including Soffid IdP.

URL
  • <console-domain>/webservice/federation/rest/generate-saml-logout-request

Method
  • POST

Headers
  • Accept = “application/json”

  • Content-Type = “application/json”

Authentication
Request (URL parameter)
  • user → Id of the user to log out

  • force → set to false if you want to give the end user a chance to abort the logout process. Set to true otherwise.

  • backChannel → set to true to send the logout request to the identity provider via SOAP. Set to false to send it using a Redirect or HTML Form. The latter allows interaction between the end user and the identity provider.

  • serviceProviderName → service provider that notifies user logout

  • identityProvider → identity provider to send the logout request

Response (JSON)
Samples

Sample request

{
    "user": "my-id",
    "force": true,
    "backChannel": false,
    "serviceProviderName":"my-identity-provider",
    "identityProvider":"http://idp.soffid.com"
}

Sample response

{
    "url":"https://idp.soffid.com/SAML/SLO/SOAPBinding",
    "method":"urn:oasis:names:tc:SAML:2.0:bindings:SOAP",
    "parameters": {
        "RelayState":"_523866242f943b4c63234dc8942ffc2f08cea03aa129a4e2",
        "SAMLResponse": "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48c2FtbDJ...."
    }
}

Sample redirect method made by service provider (urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect method)

HTTP/1.1 302 Found
Location: https://idp.soffid.com/SAML/SLO/RedirectBinding?RelayState=_523866242f943b4c63234dc8942ffc2f08cea03aa129a4e2&SAMLRequest=PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48c2FtbDJ....
 

Sample html form made by service provider (urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST method)

<html>
    <body onLoad="document.forms[0].submit();">
        <form method="post" action="https://idp.soffid.com/SAML/SLO/PostBinding">
            <input type="hidden" name="RelayState" value="_523866242f943b4c63234dc8942ffc2f08cea03aa129a4e2"/>
            <input type="hidden" name="SAMLRequest" value="PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48c2FtbDJ..."/>
        </form>
    </body>
</html>

Sample SOAP request (urn:oasis:names:tc:SAML:2.0:bindings:SOAP method). Service provider decodes SAMLRequest, and includes it in a SOAP message.

POST /SAML/SLO/SoapBinding HTTP/1.1
Host: idp.soffid.com
Content-Type: text/xml
Content-Length: ....
SOAPAction: http://www.oasis-open.org/committees/security

<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
 <SOAP-ENV:Body>
   <samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns="urn:oasis:names:tc:SAML:2.0:assertion" ID="d2b7c388cec36fa7c39c28fd298644a8" IssueInstant="2004-01-21T19:00:49Z" Version="2.0">
     <Issuer>your-identity-provider</Issuer>
     <NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">005a06e0-ad82-110d-a556-004005b13a2b</NameID>
     <samlp:SessionIndex>1</samlp:SessionIndex>
   </samlp:LogoutRequest>
 </SOAP-ENV:Body>
</SOAP-ENV:Envelope>
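
The three dispatch cases shown in the samples above, as an added example (not part of the original page and not Soffid code): a Python helper that takes the endpoint's JSON response and builds the redirect, the auto-submitting form, or the SOAP envelope according to `method`. The function name, the HTTPS check, accepting the message under either `SAMLRequest` or `SAMLResponse`, and the sample values are assumptions.

```python
import base64
import html
import re
from urllib.parse import urlencode

REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
SOAP = "urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"


def dispatch_logout(resp):
    """Turn the endpoint's JSON response (a dict) into the message the SP must send."""
    url, method, params = resp["url"], resp["method"], resp["parameters"]
    if not url.startswith("https://"):  # assumption: SLO endpoints are HTTPS only
        raise ValueError("refusing to send a logout request to a non-HTTPS endpoint")
    if method == REDIRECT:
        # urlencode percent-encodes '+', '/' and '=' found in the base64 value.
        return {"status": 302, "location": url + "?" + urlencode(params)}
    if method == POST:
        # Escape every value placed in an attribute so it cannot break out of it.
        inputs = "".join(
            '<input type="hidden" name="%s" value="%s"/>'
            % (html.escape(k, quote=True), html.escape(v, quote=True))
            for k, v in params.items())
        form = ('<html><body onload="document.forms[0].submit();">'
                '<form method="post" action="%s">%s</form></body></html>'
                % (html.escape(url, quote=True), inputs))
        return {"status": 200, "body": form}
    if method == SOAP:
        # Assumption: the message may arrive under either key (the page shows both).
        b64 = params.get("SAMLRequest") or params["SAMLResponse"]
        xml = base64.b64decode(b64, validate=True).decode("utf-8")
        # An XML declaration is only legal at the start of a document, so drop it.
        xml = re.sub(r"^\s*<\?xml[^>]*\?>\s*", "", xml)
        envelope = ('<SOAP-ENV:Envelope xmlns:SOAP-ENV="%s"><SOAP-ENV:Body>%s'
                    '</SOAP-ENV:Body></SOAP-ENV:Envelope>' % (SOAP_NS, xml))
        return {"post_to": url, "content_type": "text/xml", "body": envelope}
    raise ValueError("unsupported binding: %r" % method)


# Constructed sample: a minimal LogoutRequest, base64-encoded as in the page's samples.
_XML = ('<?xml version="1.0" encoding="UTF-8"?><samlp:LogoutRequest '
        'xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_x" Version="2.0"/>')
SAMPLE = {"url": "https://idp.soffid.com/SAML/SLO/SOAPBinding", "method": SOAP,
          "parameters": {"RelayState": "_5238", "SAMLRequest": base64.b64encode(_XML.encode()).decode()}}
```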

Response (JSON)
  • authentication → [yes|no]

  • failureMessage → if authentication=“no”, a description text of the error

  • principalName → account name

  • user → account owner identity standard attributes

  • attributes → account owner identity custom attributes

  • sessionId → session identifier