Monday, 18 August 2025

crewjam/saml SP-initiated logout


https://github.com/crewjam/saml/blob/main/service_provider.go#L70

To initiate an SP-initiated logout using crewjam/saml, the Service Provider (SP) needs to send a SAML LogoutRequest to the Identity Provider (IdP). This process typically involves the following steps:

  • User Initiates Logout: The user requests to log out from the SP application.
  • SP Terminates Local Session: The SP application invalidates or deletes the user's local session (e.g., by removing session cookies or tokens).
  • Generate SAML LogoutRequest: The crewjam/saml library's ServiceProvider component is used to generate a SAML LogoutRequest. This request includes information about the user (e.g., their NameID) and the SP's entity ID.
Go
    // Assuming 'sp' is your *samlsp.Middleware instance and 'session' is the user's session
    // (e.g. a samlsp.JWTSessionClaims, whose 'Subject' holds the NameID of the logged-in user)
    logoutRequestURL, err := sp.ServiceProvider.MakeRedirectLogoutRequest(session.Subject, "")
    if err != nil {
        http.Error(w, "could not build SAML LogoutRequest", http.StatusInternalServerError)
        return
    }
  • Redirect to IdP's SingleLogoutService: The SP redirects the user's browser to the IdP's SingleLogoutService (SLO) endpoint, including the generated SAML LogoutRequest as a parameter (e.g., in a query string for HTTP-Redirect binding).
Go
    http.Redirect(w, r, logoutRequestURL.String(), http.StatusFound)
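What MakeRedirectLogoutRequest hands back is a URL built with the SAML HTTP-Redirect binding. The following is an added example, not crewjam/saml's own code, that builds such a URL with only the Go standard library and then decodes it the way the IdP's SingleLogoutService would, so you can see exactly what the redirect carries. The LogoutRequest type, the functions newLogoutRequest, makeRedirectLogoutURL and decodeRedirectLogoutRequest and the example.com hosts are all assumptions of this example. It leaves out request signing, which the library handles on top of this encoding, so treat it as a way to understand and inspect the binding rather than a replacement for the library call.

```go
package main

import (
	"bytes"
	"compress/flate"
	"crypto/rand"
	"encoding/base64"
	"encoding/hex"
	"encoding/xml"
	"fmt"
	"io"
	"net/url"
	"time"
)

// LogoutRequest is a reduced SAML 2.0 LogoutRequest holding only the elements
// and attributes this example needs (assumption: crewjam/saml's own
// saml.LogoutRequest carries more, e.g. the Signature element).
type LogoutRequest struct {
	XMLName      xml.Name `xml:"urn:oasis:names:tc:SAML:2.0:protocol LogoutRequest"`
	ID           string   `xml:"ID,attr"`
	Version      string   `xml:"Version,attr"`
	IssueInstant string   `xml:"IssueInstant,attr"`
	Destination  string   `xml:"Destination,attr"`
	Issuer       string   `xml:"urn:oasis:names:tc:SAML:2.0:assertion Issuer"`
	NameID       string   `xml:"urn:oasis:names:tc:SAML:2.0:assertion NameID"`
}

// newLogoutRequest fills in the request for one user: the SP entity ID as
// Issuer, the IdP SLO endpoint as Destination, and a random ID that is a
// valid xsd:ID (it must not start with a digit, hence the "id-" prefix).
func newLogoutRequest(spEntityID, idpSLOURL, nameID string) (*LogoutRequest, error) {
	b := make([]byte, 20)
	if _, err := rand.Read(b); err != nil {
		return nil, err
	}
	return &LogoutRequest{
		ID:           "id-" + hex.EncodeToString(b),
		Version:      "2.0",
		IssueInstant: time.Now().UTC().Format(time.RFC3339),
		Destination:  idpSLOURL,
		Issuer:       spEntityID,
		NameID:       nameID,
	}, nil
}

// makeRedirectLogoutURL applies the HTTP-Redirect binding: the XML is
// DEFLATE-compressed (raw stream, no zlib header), base64-encoded and put in
// the SAMLRequest query parameter of the Destination URL; RelayState is
// added when non-empty. url.Values.Encode percent-escapes '+', '/' and '='.
func makeRedirectLogoutURL(req *LogoutRequest, relayState string) (*url.URL, error) {
	raw, err := xml.Marshal(req)
	if err != nil {
		return nil, err
	}
	var buf bytes.Buffer
	zw, _ := flate.NewWriter(&buf, flate.DefaultCompression) // valid level, cannot fail
	zw.Write(raw)                                              // writes into a bytes.Buffer cannot fail
	zw.Close()
	u, err := url.Parse(req.Destination)
	if err != nil {
		return nil, err
	}
	q := u.Query()
	q.Set("SAMLRequest", base64.StdEncoding.EncodeToString(buf.Bytes()))
	if relayState != "" {
		q.Set("RelayState", relayState)
	}
	u.RawQuery = q.Encode()
	return u, nil
}

// decodeRedirectLogoutRequest reverses the binding as the IdP does. The
// decompressed size is capped at 1 MiB so a crafted parameter cannot expand
// without bound.
func decodeRedirectLogoutRequest(u *url.URL) (*LogoutRequest, error) {
	compressed, err := base64.StdEncoding.DecodeString(u.Query().Get("SAMLRequest"))
	if err != nil {
		return nil, err
	}
	raw, err := io.ReadAll(io.LimitReader(flate.NewReader(bytes.NewReader(compressed)), 1<<20))
	if err != nil {
		return nil, err
	}
	var req LogoutRequest
	if err := xml.Unmarshal(raw, &req); err != nil {
		return nil, err
	}
	return &req, nil
}

func main() {
	// Constructed sample values; none of these hosts exist.
	req, err := newLogoutRequest("https://sp.example.com/saml/metadata", "https://idp.example.com/saml/slo", "alice@example.com")
	if err != nil {
		panic(err)
	}
	u, err := makeRedirectLogoutURL(req, "/logged-out")
	if err != nil {
		panic(err)
	}
	fmt.Println("redirect to:", u)
	back, _ := decodeRedirectLogoutRequest(u)
	fmt.Printf("IdP sees Issuer=%s NameID=%s ID=%s\n", back.Issuer, back.NameID, back.ID)
}
```

Pasting the SAMLRequest value from a real redirect produced by the library into decodeRedirectLogoutRequest is a quick way to confirm that the NameID and Issuer the SP sends match the session being terminated; the cap on decompressed size is the kind of limit any endpoint that accepts this binding should enforce.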
