# SSO and SLO

This document describes the steps service providers must take to use the Single SignOn (SSO) and Single Logout (SLO) functionality.

# Single SignOn

The SSO part can be used directly with the adapter by enabling the feature in the Signicat Identity Broker. If SSO is enabled, once a user is logged in to a broker, any Service Provider that later logs in through that Signicat Identity Broker is logged in automatically, without the user reaching the Identity Provider login page.

If SSO is enabled, the response will contain a special parameter called SessionIndex.

# Single Logout

If SSO is enabled, Service Providers can use the Single Logout functionality. SLO makes sure that when the user logs out from one Service Provider, they are also logged out from all other Service Providers that use the same Connectis Identity Broker.

The SLO flow has two main cases: initiating an SLO flow and receiving an SLO request from the Connectis Identity Broker.

# Initiating an SLO request

To initiate an SLO request, you must send the CIB the SessionIndex parameter that was received during the SSO stage.

The Java Adapter API has support for this feature.

```java
ConnectisAdapter.logout(request, response, spEntityId, nameId)
                .withSessionIndex(sessionIndex)
                .startLogout();
```

# Handling SLO requests from Identity Broker

If SSO is enabled and another service provider initiates an SLO request, your service provider needs to be able to handle the logout request sent by the CIB.

To do this you will need to:

  • Create a class that implements the LogoutHandler interface found in the delivered JAR. In the handleLogout method, perform the logout in your application.

```java
package com.connectis.sp.client.saml.api.logout;

import com.connectis.sp.client.entities.response.Response;

public interface LogoutHandler {
    LogoutResult handleLogout(Response logoutResponse,
                              ClientLogoutRequest logoutRequest);
}
```

  • On the defined SLO endpoint, pass your new class to the Signicat Adapter:

```java
@RequestMapping(value = "/slo/**", method = RequestMethod.POST)
public void handleSlo(@Nonnull HttpServletRequest request,
                      @Nonnull HttpServletResponse response) {
    ConnectisAdapter.handleLogout(
            request,
            response,
            YOUR_LogoutHandler_IMPLEMENTATION
    );
}
```

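
One way to back the handleLogout step above, as an added example that is not part of the Signicat adapter or the original page: a registry that ties each SessionIndex to the local sessions created from it, so a logout request from the broker terminates exactly those sessions and a repeated request is a no-op. SessionIndexRegistry and its methods are hypothetical names; how the SessionIndex is read from the adapter's request objects is not shown on this page and is left out.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/** Hypothetical helper (Java 16+): maps a broker SessionIndex to the local sessions created from it. */
public final class SessionIndexRegistry {

    /** One local session; in a servlet application the callback would be session::invalidate. */
    private record LocalSession(String id, Runnable invalidate) {}

    private final Map<String, List<LocalSession>> byIndex = new ConcurrentHashMap<>();

    /** Call after a successful login, with the SessionIndex taken from the SSO response. */
    public void register(String sessionIndex, String localSessionId, Runnable invalidate) {
        // compute() is atomic per key, so a concurrent logout cannot miss this entry.
        byIndex.compute(sessionIndex, (k, list) -> {
            List<LocalSession> sessions = (list == null) ? new ArrayList<>() : list;
            sessions.add(new LocalSession(localSessionId, invalidate));
            return sessions;
        });
    }

    /** Call when a local session expires or the user logs out locally. */
    public void unregister(String sessionIndex, String localSessionId) {
        byIndex.computeIfPresent(sessionIndex, (k, list) -> {
            list.removeIf(s -> s.id().equals(localSessionId));
            return list.isEmpty() ? null : list; // returning null drops the key
        });
    }

    /** Call from handleLogout. Removes the mapping before invalidating; returns sessions terminated. */
    public int logout(String sessionIndex) {
        List<LocalSession> sessions = byIndex.remove(sessionIndex);
        if (sessions == null) {
            return 0; // unknown or already logged out: nothing to terminate
        }
        sessions.forEach(s -> s.invalidate().run());
        return sessions.size();
    }

    public static void main(String[] args) {
        SessionIndexRegistry registry = new SessionIndexRegistry();
        // Constructed sample values, not real broker output.
        registry.register("idx-123", "local-A", () -> System.out.println("invalidated local-A"));
        registry.register("idx-123", "local-B", () -> System.out.println("invalidated local-B"));
        System.out.println("first logout terminated: " + registry.logout("idx-123"));
        System.out.println("repeated logout terminated: " + registry.logout("idx-123"));
    }
}
```
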
Last updated: 4/11/23, 2:27:56 PM UTC