Logout response (LogoutResponse) – Suomi.fi e-Identification
An e-service can send a logout response to Suomi.fi identification or vice versa. The structure of the message is similar in both cases. Sample messages for the HTTP-Redirect and HTTP-POST bindings are shown below.
Logout response (HTTP-Redirect)
The example shows a response returned by Suomi.fi identification (in element saml2:Issuer) to an e-service (in attribute Destination) that has requested logout.
When Suomi.fi identification has initiated the logout, the e-service's response to that logout request is the same, except that the sender (in element saml2:Issuer) and the recipient (in attribute Destination) are the other way around.

NB! The SAML message is shown here in its original format; it is converted from this into the format that is transmitted between the devices.

```xml
<saml2p:LogoutResponse
    Destination="https://kalastus.mallikunta.fi/SAML/SLO/Redirect"
    ID="_d852ff1c08bba9a0fc765bf7088f40a9"
    InResponseTo="_980f14cdd1f0cae5e1c8fa1523c7f45d"
    IssueInstant="2016-05-13T12:00:16.318Z"
    Version="2.0"
    xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
  <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://idp.xyz/idp1</saml2:Issuer>
  <saml2p:Status>
    <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />
  </saml2p:Status>
</saml2p:LogoutResponse>
```
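The conversion to the transmitted format mentioned in the note, together with the field checks a receiver would make on the HTTP-Redirect sample, as an added example that is not part of the Suomi.fi documentation. The function names and the size limit are assumptions made for illustration, and signature verification is assumed to be done separately by the SAML library before these checks.

```python
import base64
import zlib
import xml.etree.ElementTree as ET

P = "urn:oasis:names:tc:SAML:2.0:protocol"
A = "urn:oasis:names:tc:SAML:2.0:assertion"
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

# The page's HTTP-Redirect sample, re-typed here as test input.
SAMPLE = (
    '<saml2p:LogoutResponse Destination="https://kalastus.mallikunta.fi/SAML/SLO/Redirect" '
    'ID="_d852ff1c08bba9a0fc765bf7088f40a9" InResponseTo="_980f14cdd1f0cae5e1c8fa1523c7f45d" '
    'IssueInstant="2016-05-13T12:00:16.318Z" Version="2.0" xmlns:saml2p="%s">'
    '<saml2:Issuer xmlns:saml2="%s">https://idp.xyz/idp1</saml2:Issuer>'
    '<saml2p:Status><saml2p:StatusCode Value="%s"/></saml2p:Status>'
    '</saml2p:LogoutResponse>' % (P, A, SUCCESS)
)

def redirect_encode(xml):
    """Transport form for HTTP-Redirect: raw DEFLATE, then base64 (URL-encoding not shown)."""
    c = zlib.compressobj(wbits=-15)
    return base64.b64encode(c.compress(xml.encode()) + c.flush()).decode()

def redirect_decode(value, limit=65536):
    """Inverse of redirect_encode; refuses input that does not fully inflate within `limit` bytes."""
    d = zlib.decompressobj(wbits=-15)
    raw = d.decompress(base64.b64decode(value, validate=True), limit)
    if not d.eof:  # stream truncated, or more output is pending past the cap
        raise ValueError("message truncated or larger than limit")
    return raw.decode()

def check_logout_response(xml, expected_issuer, own_slo_url, pending_request_id):
    """Return a list of problems; an empty list means every field matched."""
    if "<!DOCTYPE" in xml:  # a DTD is never needed in a SAML message; refuse before parsing
        return ["DTD present"]
    root = ET.fromstring(xml)
    if root.tag != "{%s}LogoutResponse" % P:
        return ["not a LogoutResponse"]
    status = root.find("{%s}Status/{%s}StatusCode" % (P, P))
    checks = [
        ("Version", root.get("Version") == "2.0"),
        ("Destination", root.get("Destination") == own_slo_url),
        # Must answer a LogoutRequest this party actually sent and still has pending.
        ("InResponseTo", bool(pending_request_id) and root.get("InResponseTo") == pending_request_id),
        ("Issuer", (root.findtext("{%s}Issuer" % A) or "").strip() == expected_issuer),
        ("StatusCode", status is not None and status.get("Value") == SUCCESS),
    ]
    return [name + " mismatch" for name, ok in checks if not ok]
```
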
Logout response (HTTP-POST)
The example shows the response returned by an e-service (in element saml2:Issuer) to Suomi.fi identification (in attribute Destination) that has requested logout.
When the e-service has initiated the logout, the response of Suomi.fi identification to the e-service is the same, except that the sender (in element saml2:Issuer) and the recipient (in attribute Destination) are the other way around.

NB! The SAML message is shown here in its original format; it is converted from this into the format that is transmitted between the devices.

```xml
<saml2p:LogoutResponse
    xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
    Destination="https://idp.xyz/idp/profile/SAML2/POST/SLO"
    ID="1ba9-4d7c-8911-784abe3a2be5-9848d089d7ac"
    InResponseTo="4c76-4263-82d2-e952a2783c63-00027d00d6c4"
    IssueInstant="2015-11-09T13:48:21.218Z"
    Version="2.0">
  <saml2:Issuer>https://kalastus.mallikunta.fi/SAML2SP</saml2:Issuer>
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:SignedInfo>
      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
      <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
      <ds:Reference URI="#MPL_fcfe337dd7b3-23396834-1ba9-4d7c-8911-784abe3a2be5-9848d089d7ac">
        <ds:Transforms>
          <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
          <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
            <ds:InclusiveNamespaces xmlns:ds="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="#default ds saml samlp xs xsi"/>
          </ds:Transform>
        </ds:Transforms>
        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
        <ds:DigestValue>GNUwbhYppmg7ZIgWpMuJFh0tU57qgNp2Osy313B2x9Q=</ds:DigestValue>
      </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue>lgrs...A==</ds:SignatureValue>
    <ds:KeyInfo>
      <ds:X509Data>
        <ds:X509Certificate>MIIG..ITAf</ds:X509Certificate>
      </ds:X509Data>
    </ds:KeyInfo>
  </ds:Signature>
  <saml2p:Status>
    <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
  </saml2p:Status>
</saml2p:LogoutResponse>
```
Document history
Version | Changes | Date/Author |
---|---|---|
1.0 | Document published on eSuomi | 23.02.17/NP |
Document identifier: JTO21