I have successfully set up SSO between PingFederate and an ASP.NET web application. Referring to the sample code, once authenticated at the IdP (in my case PingFederate) the user is redirected to the /ConsumerService.aspx page, where we intercept the SAML and fetch the username to log in.
My question is: how do I initiate Single Logout from my web application once the user clicks logout or the web session times out? I can surely clean up the session data and form logout at the web application, but I also want my IdP to know that this user session is terminated, and PingFederate should also remove the session for this connection for that user.
If anyone who has done an integration between PingFederate and an ASP.NET web app can share how they handle SP-initiated logouts, that would be of great help.
Following is the snippet of my LogOut method:
    public ActionResult LogOff()
    {
        // Let the IdP know that the user has logged off
        // We send a LogoutRequest to the IdP
        LogoutRequest logoutRequest = new LogoutRequest();
        logoutRequest.Issuer = new Issuer(HelperUtils.GetAbsoluteUrl(HttpContext, "~/"));
        logoutRequest.NameId = new NameId(HttpContext.User.Identity.Name);

        // Send the logout request to the SP over HTTP redirect.
        string logoutUrl = MvcApplication.SingleLogoutUrl;
        X509Certificate2 x509Certificate = (X509Certificate2)HttpContext.Application[MvcApplication.IdPCertKey];
        logoutRequest.Redirect(Response, logoutUrl, logoutUrl, x509Certificate.PrivateKey);

        // The redirect is written to Response above, so the action has no view to render.
        return new EmptyResult();
    }
Following is the value of the MvcApplication.SingleLogoutUrl variable:
    MvcApplication.SingleLogoutUrl = "/sp/startSLO.ping";
I have enabled both IdP-initiated SLO and SP-initiated SLO at my PingFederate connection level.
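For reference, this is what an SP-initiated LogoutRequest looks like on the wire under the SAML 2.0 HTTP-Redirect binding, written as an added example that is not part of the original post and not the SAML library's or PingFederate's own code. The class name, the idp.example.com and sp.example.com URLs, the user name and the throwaway key are constructed placeholders, and the example assumes the request is signed with the SP's own private key, whose public certificate the IdP holds for this connection.

```csharp
using System;
using System.IO;
using System.IO.Compression;
using System.Security.Cryptography;
using System.Text;
using System.Xml;

static class SloRedirectExample   // hypothetical name, for illustration only
{
    const string SigAlg = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
    const string Samlp = "urn:oasis:names:tc:SAML:2.0:protocol";
    const string Saml = "urn:oasis:names:tc:SAML:2.0:assertion";

    // Returns the IdP SLO URL carrying a deflated, signed LogoutRequest.
    public static string Build(string idpSloUrl, string issuer, string nameId, RSA spKey)
    {
        var xml = new StringBuilder();
        using (var w = XmlWriter.Create(xml, new XmlWriterSettings { OmitXmlDeclaration = true }))
        {
            w.WriteStartElement("samlp", "LogoutRequest", Samlp);
            w.WriteAttributeString("ID", "_" + Guid.NewGuid().ToString("N"));
            w.WriteAttributeString("Version", "2.0");
            w.WriteAttributeString("IssueInstant",
                XmlConvert.ToString(DateTime.UtcNow, XmlDateTimeSerializationMode.Utc));
            w.WriteAttributeString("Destination", idpSloUrl);
            w.WriteElementString("saml", "Issuer", Saml, issuer);   // the SP's entity ID
            w.WriteElementString("saml", "NameID", Saml, nameId);   // same NameID the IdP asserted at login
            w.WriteEndElement();
        }
        // Redirect binding: raw DEFLATE, then base64, then URL-encoding.
        var packed = new MemoryStream();
        using (var z = new DeflateStream(packed, CompressionMode.Compress, true))
        {
            byte[] raw = Encoding.UTF8.GetBytes(xml.ToString());
            z.Write(raw, 0, raw.Length);
        }
        string signedPart = "SAMLRequest=" + Uri.EscapeDataString(Convert.ToBase64String(packed.ToArray()))
                          + "&SigAlg=" + Uri.EscapeDataString(SigAlg);
        // The signature covers these exact query-string bytes, not the XML document.
        byte[] sig = spKey.SignData(Encoding.UTF8.GetBytes(signedPart),
                                    HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        return idpSloUrl + "?" + signedPart + "&Signature=" + Uri.EscapeDataString(Convert.ToBase64String(sig));
    }

    static void Main()
    {
        using (RSA spKey = RSA.Create(2048))   // constructed throwaway key standing in for the SP signing key
            Console.WriteLine(Build("https://idp.example.com/slo-placeholder",
                                    "https://sp.example.com/", "jdoe", spKey));
    }
}
```

The receiver verifies the signature over the `SAMLRequest=...&SigAlg=...` string exactly as it arrived, so re-encoding or reordering those parameters after signing makes verification fail.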