1

The context is a working IdP/SP Blazor application with working SSO and single logout (SLO). I would ideally like the session timeout to have the same effect as SLO, but have yet to find a way to achieve this. I have noted the other qus on this and have set the lifetime value to 30 seconds (for testing) in AssertionConsumerService. Slidingexpiration is set to true.

But, nothing happens - certainly nothing visually, and, well after 30s, buttons etc on the page are active as normal.

How can I test this further and react to the session timeout event (or state), if that is possible?

Thanks

Anders Revsgaard
  • 3,636
  • 1
  • 9
  • 25
jas
  • 53
  • 7

1 Answers1

0

It is only the backend server that knows about the session an if it has timeout. The server should, it the session is invalid, throw an exception when it is called. The Blazor application can test if the session is valid by calling the backend and then show a suitable message for the user or just start the login sequence.

SAML 2.0 is really not the best solution for a Blazor application or other retch browser clients. A better way is to use an identity proxy (eg. like FoxIDs) to convert between SAML 2.0 and OpenID Connect. Then it is possible to use OpenID Connect in the Blazor application (e.g. using ITfoxtec Identity Blazor) and backend API.

Anders Revsgaard
  • 3,636
  • 1
  • 9
  • 25
  • 1
    Thanks. Unfortunately I am constrained to use Saml 2. I now have a sort of workaround where I use mouse move etc to implement an inactivity detector, upon which, I navigate to the IdP home page, which is ok in this situation. – jas Aug 03 '21 at 01:31
  • 1
    I have been wary of using session... https://tutorialslink.com/Articles/How-to-use-Sessions-in-Blazor-Application/2057 https://www.syncfusion.com/faq/blazor/general/how-do-i-store-session-data-in-server-side-blazor https://www.syncfusion.com/faq/blazor/event-handling/how-do-you-initiate-automatic-logout-when-a-user-is-inactive-in-blazor https://www.brcline.com/blog/detecting-inactivity-in-javascript – jas Aug 03 '21 at 01:48