generate-saml-logout-request
Definition
-
This operation allows to generate a SAML logout request to be sent to a IdP supporting SAML Global Logout, including Soffid IdP.
URL
-
<console-domain>/webservice/federation/rest/generate-saml-logout-request
Method
-
POST
Headers
-
Accept = “application/json”
-
Content-Type = “application/json”
Authentication
-
Use an account
withwith federation:serviceProvider
Request (URL parameter)
-
user → Id of the user to log out
-
force → set to false if you want to give a chance to the end user to abort logout process. Set to true otherwise.
-
backChannel → set to true if you want to send the logout process via SOAP to the identity provider. Set to false if you want to send the logout process using a Redirect or HTML Form. The later allows interaction between the end user and the identity provider.
-
serviceProviderName → service provider that notifies user logout
-
identityProvider → identity provider to send the logout request
Response (JSON)
-
parameters → parameters to send to identity provider.
-
RelayState → identifier of the request id
-
SAMLRequest → encoded SAML request
-
-
method → method to use:
Redirect orRedirect or urn:oasis:names:tc:SAML:2.0:bindings:SOAP -
url → url where to send the request
Samples
Sample request
{
"user": "my-id",
"force": true,
"backChannel": false,
"serviceProviderName":"my-identity-provider",
"identityProvider":"http://idp.soffid.com"
}
Sample response
{
"url":"https://idp.soffid.com/SAML/SLO/SOAPBinding",
"method":"urn:oasis:names:tc:SAML:2.0:bindings:SOAP",
"parameters": {
"RelayState":"_523866242f943b4c63234dc8942ffc2f08cea03aa129a4e2",
"SAMLResponse": "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48c2FtbDJ...."
}
}
Sample redirect method made by service provider (urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect method)
HTTP/1.1 302 Found
Location: https://idp.soffid.com/SAML/SLO/RedirectBinding?RelayState=_523866242f943b4c63234dc8942ffc2f08cea03aa129a4e2&SAMLRequest=PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48c2FtbDJ....
Sample html form made by service provider (urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST method)
<html>
<body onLoad="document.forms[0].submit();">
<form action="https://idp.soffid.com/SAML/SLO/PostBinding">
<input type="hidden" name="RelayState" value="_523866242f943b4c63234dc8942ffc2f08cea03aa129a4e2"/>
<input type="hidden" name="SAMLRequest" value="PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48c2FtbDJ..."/>
</form>
</body>
</html>
Sample SOAP request ( urn:oasis:names:tc:SAML:2.0:bindings:SOAP method ). Service provader decodes SAMLRequest, and includes it in a SOAP message.
POST /SAML/SLO/SoapBinding HTTP/1.1
Host: idp.soffid.com
Content-Type: text/xml
Content-Length: ....
SOAPAction: http://www.oasis-open.org/committees/security
<SOAP-ENV:Envelope xmlns:SOAP-ENV=”http://schemas.xmlsoap.org/soap/envelope/”>
<SOAP-ENV:Body>
<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns="urn:oasis:names:tc:SAML:2.0:assertion" ID="d2b7c388cec36fa7c39c28fd298644a8" IssueInstant="2004-01-21T19:00:49Z" Version="2.0">
<Issuer>your-identity-provider</Issuer>
<NameID Format="urn:oasis:names:tc:SAML:2.0:nameidformat:persistent">005a06e0-ad82-110d-a556-004005b13a2b</NameID>
<samlp:SessionIndex>1</samlp:SessionIndex>
</samlp:LogoutRequest>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>