Exemple #1
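        /// <summary>
        /// Processes a SAML LogoutResponse received over the HTTP Redirect binding, removes the
        /// responding service provider from the user's active sessions and continues the logout sequence.
        /// </summary>
        /// <param name="parser">Parsed redirect-binding request carrying the message and its signature data.</param>
        private static void HandleLogoutResponse(HttpRedirectBindingParser parser)
        {
            LogoutResponse res = Serialization.DeserializeFromXmlString<LogoutResponse>(parser.Message);

            // The issuer value is unauthenticated at this point; it is used only to select the
            // metadata that the signature is checked against.
            // NOTE(review): Issuer is dereferenced without a null check, so a message that omits
            // <Issuer> fails here. Confirm the caller handles that.
            string SPID = res.Issuer.Value;
            Saml20MetadataDocument SPmetadata = GetMetadata(SPID);

            // Fail closed. The original condition (IsSigned && !valid) let an unsigned response
            // through, so anyone able to make the browser issue a GET could drop a session entry
            // and advance the logout sequence. The SAML Single Logout profile requires front-channel
            // logout messages to be signed, so a missing signature is treated like an invalid one.
            if (!parser.IsSigned || !CheckRedirectSignature(parser, SPmetadata))
            {
                HandleUnableToVerifySignature(SPID);
                return;
            }

            // NOTE(review): this method does not inspect the response status or correlate the
            // response with an outstanding LogoutRequest. Confirm whether that is done elsewhere.

            // Remove the Service Provider from the list of the user's active sessions.
            UserSessionsHandler.RemoveLoggedInSession(SPID);

            Logout();
        }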
Exemple #2
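        /// <summary>
        /// Processes a SAML LogoutRequest received over the HTTP Redirect binding, records the
        /// requesting service provider as the logout initiator and starts the logout sequence.
        /// </summary>
        /// <param name="parser">Parsed redirect-binding request carrying the message and its signature data.</param>
        private static void HandleLogoutRequest(HttpRedirectBindingParser parser)
        {
            LogoutRequest req = Serialization.DeserializeFromXmlString<LogoutRequest>(parser.Message);

            // The issuer value is unauthenticated at this point; it is used only to select the
            // metadata that the signature is checked against.
            // NOTE(review): Issuer is dereferenced without a null check, so a message that omits
            // <Issuer> fails here. Confirm the caller handles that.
            string SPID = req.Issuer.Value;
            Saml20MetadataDocument SPmetadata = GetMetadata(SPID);

            // Fail closed. The original condition (IsSigned && !valid) accepted unsigned requests,
            // which allows a forced logout through any link or redirect the user's browser follows.
            // The SAML Single Logout profile requires front-channel logout messages to be signed,
            // so a missing signature is treated like an invalid one.
            if (!parser.IsSigned || !CheckRedirectSignature(parser, SPmetadata))
            {
                HandleUnableToVerifySignature(SPID);
                return;
            }

            // Set the entity ID of the federation partner that initiated the logout. This happens
            // only after verification, so the stored initiator is always an authenticated issuer.
            HttpContext.Current.Session[LOGOUTINITIATORKEY] = SPID;
            UserSessionsHandler.RemoveLoggedInSession(SPID);

            Logout();
        }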
Exemple #3
        /// <summary>
        /// Advances the logout sequence by one step: either sends a LogoutRequest to the next
        /// service provider that still has an active session, or, when none remain, destroys the
        /// local session and answers the party stored under <c>LOGOUTINITIATORKEY</c>.
        /// </summary>
        private static void Logout()
        {
            List<string> remaining = UserSessionsHandler.GetLoggedInSessions();

            if (remaining.Count == 0)
            {
                // Nothing left to log out. Read and clear the stored initiator before the session
                // is destroyed, then send it the LogoutResponse.
                var httpSession = HttpContext.Current.Session;
                string initiatingEntity = (string)httpSession[LOGOUTINITIATORKEY];
                httpSession.Remove(LOGOUTINITIATORKEY);

                UserSessionsHandler.DestroySession();
                // NOTE(review): initiatingEntity is null when no initiator was stored in the
                // session. Confirm CreateLogoutResponse handles that case.
                CreateLogoutResponse(initiatingEntity);
                return;
            }

            // Take the first remaining entity id, drop it from the active list, and ask that
            // service provider to log the user out.
            string nextEntityId = remaining[0];
            UserSessionsHandler.RemoveLoggedInSession(nextEntityId);
            CreateLogoutRequest(nextEntityId);
        }