Fanetic

Reputation: 672

Saml2 Single Logout (SingleLogoutServiceResponseUrl) with Sustainsys and Identity Server 4

I am using Sustainsys Saml2 with Identity Server 4. A customer has asked me if we support SAML Single Logout.

They have asked for:

  1. Single Logout Request URL
  2. Single Logout Response URL

From what I can see this is probably supported by Sustainsys given the following properties exist.

    var idp = new Sustainsys.Saml2.IdentityProvider(new EntityId("https://sso.acme.com"), opt.SPOptions)
    {
        MetadataLocation = "/metadata/sso-meta.xml",
        LoadMetadata = true,
        AllowUnsolicitedAuthnResponse = true,
        SingleLogoutServiceResponseUrl = "INSERT",
        SingleLogoutServiceBinding = Saml2BindingType.HttpRedirect
    };

I have two questions:

  1. I can only see one property which matches their request - the SingleLogoutServiceResponseUrl (I don't see a property for the SingleLogoutServiceRequestUrl). How do I configure the Single logout request Url?
  2. How do I determine what the values are for these URLs?

Thanks

Upvotes: 2

Views: 3666

Answers (1)

Anders Abel

Reputation: 69250

  1. Outbound logout requests are sent to the SingleLogoutUrl configured on the Idp. The SingleLogoutResponseUrl is a special one - it's only used when responses should be sent to a different endpoint on the Idp than requests. Normally they are the same and if SingleLogoutResponseUrl is not set, the SingleLogoutUrl is used for both responses and requests.
  2. Ask the Idp people for those.

And as an additional note: You're loading metadata. Then everything should already be in the metadata and you can shorten your code to

    var idp = new Sustainsys.Saml2.IdentityProvider(new EntityId("https://sso.acme.com"), opt.SPOptions)
    {
        MetadataLocation = "/metadata/sso-meta.xml",
        AllowUnsolicitedAuthnResponse = true,
    };

Upvotes: 4
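
In SAML metadata, the two URLs the customer asks about are the `Location` and the optional `ResponseLocation` attributes of the IdP's `SingleLogoutService` elements. The following is an added example, not code from the answer or from the Sustainsys project: it reads both values from a metadata document and applies the same fallback the answer describes. The metadata is constructed and its endpoint URLs are placeholders; the class and method names are hypothetical.

```csharp
using System;
using System.IO;
using System.Linq;
using System.Xml;
using System.Xml.Linq;

public static class SloEndpoints
{
    static readonly XNamespace Md = "urn:oasis:names:tc:SAML:2.0:metadata";

    // Constructed sample metadata; the endpoint URLs are placeholders.
    const string SampleMetadata = @"<md:EntityDescriptor
    xmlns:md=""urn:oasis:names:tc:SAML:2.0:metadata"" entityID=""https://sso.acme.com"">
  <md:IDPSSODescriptor protocolSupportEnumeration=""urn:oasis:names:tc:SAML:2.0:protocol"">
    <md:SingleLogoutService Binding=""urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect""
        Location=""https://sso.acme.com/slo"" ResponseLocation=""https://sso.acme.com/slo-resp""/>
    <md:SingleLogoutService Binding=""urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST""
        Location=""https://sso.acme.com/slo""/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>";

    public record Endpoint(string Binding, Uri RequestUrl, Uri ResponseUrl);

    public static Endpoint[] Read(string metadataXml)
    {
        // Metadata comes from another party: refuse DTDs and external entities.
        var settings = new XmlReaderSettings { DtdProcessing = DtdProcessing.Prohibit, XmlResolver = null };
        using var reader = XmlReader.Create(new StringReader(metadataXml), settings);
        return XDocument.Load(reader)
            .Descendants(Md + "IDPSSODescriptor")
            .Elements(Md + "SingleLogoutService")
            .Select(e =>
            {
                var request = new Uri((string)e.Attribute("Location")
                    ?? throw new FormatException("SingleLogoutService has no Location"));
                // ResponseLocation is optional; without it responses go to Location.
                var responseAttr = (string)e.Attribute("ResponseLocation");
                var response = responseAttr != null ? new Uri(responseAttr) : request;
                return new Endpoint((string)e.Attribute("Binding"), request, response);
            })
            .ToArray();
    }

    public static void Main()
    {
        foreach (var ep in Read(SampleMetadata))
            Console.WriteLine($"{ep.Binding}\n  request:  {ep.RequestUrl}\n  response: {ep.ResponseUrl}");
    }
}
```

For the constructed metadata, the HTTP-Redirect entry yields two different URLs, while the HTTP-POST entry has no `ResponseLocation` and so reports the same URL for requests and responses.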
