...
For the request, you need the EntityID of the SAML2 application or the client_id of the OAuth2 application.
The id_token and the userinfo response contain an OAuth2 extension called session_index. You must pass this session_index value to the non-interactive application and then call our /uas/status endpoint in the back channel using the sessionIndex and entityID parameters.
e.g.
The session_index value cannot be used to retrieve user information, only to find out whether there is a valid session or not. The response is in JSON format by default. Other formats are supported by sending the query parameter "type" with the value "application/xml" or "application/json" for XML or JSON respectively.
If there is a session, the request message looks like this:
Request

```
https://mno.ubidemo.com/uas/status?entityID=c495bb59-f0ae-430a-9830-ca8228aa58fe&sessionIndex=_d6ee2628b0d493809650c06b2653083511d6e474
```

The response is in JSON format:

Response

```
{
  "valid": true,
  "issueInstant": 1499433097694,
  "refresh": false,
  "entityID": "c495bb59-f0ae-430a-9830-ca8228aa58fe",
  "sessionIndex": "_d6ee2628b0d493809650c06b2653083511d6e474",
  "sessionNotOnOrAfter": 1499436584471,
  "authnInstant": 1499432984462
}
```
If you include the refresh parameter, the user session is extended:
Request

```
https://mno.ubidemo.com/uas/status?entityID=c495bb59-f0ae-430a-9830-ca8228aa58fe&sessionIndex=_d6ee2628b0d493809650c06b2653083511d6e474&refresh=true
```

Notice how the sessionNotOnOrAfter value increases in the response:

Response

```
{
  "valid": true,
  "issueInstant": 1499433264743,
  "refresh": true,
  "entityID": "c495bb59-f0ae-430a-9830-ca8228aa58fe",
  "sessionIndex": "_d6ee2628b0d493809650c06b2653083511d6e474",
  "sessionNotOnOrAfter": 1499436864743,
  "authnInstant": 1499432984462
}
```
If there is no session, the message looks like this:
Invalid session response

```js
{
  "valid": false,
  "issueInstant": 1495183121690
}
```
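A back-channel check built on the request and response shapes above, as an added example that is not Ubisecure's own code. It assumes the timestamps are epoch milliseconds and that the caller should fail closed on any error; the function names and the injectable `fetch` parameter are hypothetical.

```python
import json
import time
import urllib.parse
import urllib.request

STATUS_URL = "https://mno.ubidemo.com/uas/status"  # host from the page's sample request


def build_status_url(entity_id, session_index, refresh=False, base=STATUS_URL):
    """Build the status query; parameters are URL-encoded, not concatenated."""
    params = {"entityID": entity_id, "sessionIndex": session_index}
    if refresh:
        params["refresh"] = "true"  # extends the user session, so send it deliberately
    return base + "?" + urllib.parse.urlencode(params)


def session_is_valid(body, entity_id, session_index, now_ms=None):
    """True only if the response affirms this exact session and it has not expired."""
    try:
        doc = json.loads(body)
    except (TypeError, ValueError):
        return False  # unparseable response: treat as no session
    if not isinstance(doc, dict) or doc.get("valid") is not True:
        return False
    # Bind the answer to the question asked: both identifiers must be echoed back.
    if doc.get("entityID") != entity_id or doc.get("sessionIndex") != session_index:
        return False
    not_after = doc.get("sessionNotOnOrAfter")
    if isinstance(not_after, bool) or not isinstance(not_after, int):
        return False
    # Assumption: timestamps are milliseconds since the Unix epoch.
    now_ms = int(time.time() * 1000) if now_ms is None else now_ms
    return now_ms < not_after


def check_session(entity_id, session_index, refresh=False, fetch=None):
    """Query /uas/status; fetch is an injectable callable(url) -> str for offline tests."""
    if fetch is None:
        def fetch(url):
            with urllib.request.urlopen(url, timeout=5) as resp:
                return resp.read().decode("utf-8")
    try:
        body = fetch(build_status_url(entity_id, session_index, refresh))
    except OSError:
        return False  # network or HTTP failure: fail closed
    return session_is_valid(body, entity_id, session_index)
```

Caching the boolean for a short interval in the calling application keeps the request rate down between checks.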
...
Info |
---|
Consider system performance when deciding when and how often to make such requests, to prevent unnecessary load. |
...