After a user has logged in interactively, a downstream non-browser application can request the status of that user's session via a back-channel request.

Ubisecure SSO includes the /uas/status endpoint for this purpose.

OAuth id_tokens contain the Ubisecure extension claim session_index, which can be used to resolve the current SSO session status for a given user session.

Step-by-step guide


  1. For the request, you need the EntityID of the SAML2 application or the client_id of the OAuth2 application.

  2. The id_token and the userinfo response contain an OAuth2 extension claim called session_index. Pass this session_index value to the non-interactive application, which then calls the /uas/status endpoint over the back channel using the sessionIndex and entityID parameters.
    The session_index value cannot be used to retrieve user information; it only tells you whether a valid session exists or not.

    e.g.

    https://XXXXXX.example.com/uas/status?entityID={client_id}&sessionIndex={session_index}&type=application/json

    The response is in JSON format by default. The format can be selected with the query parameter “type”: “application/xml” for XML or “application/json” for JSON.

  3. If there is a session, the request message looks like this:

    https://mno.ubidemo.com/uas/status?entityID=c495bb59-f0ae-430a-9830-ca8228aa58fe&sessionIndex=_d6ee2628b0d493809650c06b2653083511d6e474

    The response is in JSON format:

    {
      "valid": true,
      "issueInstant": 1499433097694,
      "refresh": false,
      "entityID": "c495bb59-f0ae-430a-9830-ca8228aa58fe",
      "sessionIndex": "_d6ee2628b0d493809650c06b2653083511d6e474",
      "sessionNotOnOrAfter": 1499436584471,
      "authnInstant": 1499432984462
    }


  4. If you include the refresh parameter, the user session is extended:

    https://mno.ubidemo.com/uas/status?entityID=c495bb59-f0ae-430a-9830-ca8228aa58fe&sessionIndex=_d6ee2628b0d493809650c06b2653083511d6e474&refresh=true

    Notice how the sessionNotOnOrAfter value increases in the response:

    {
      "valid": true,
      "issueInstant": 1499433264743,
      "refresh": true,
      "entityID": "c495bb59-f0ae-430a-9830-ca8228aa58fe",
      "sessionIndex": "_d6ee2628b0d493809650c06b2653083511d6e474",
      "sessionNotOnOrAfter": 1499436864743,
      "authnInstant": 1499432984462
    }


  5. If there is no session, the message looks like this:

    {
       "valid":false,
       "issueInstant":1495183121690
    }



Consider system performance when designing when and how often to make such requests to prevent unnecessary load.
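The five steps above, as an added Python example (not Ubisecure's own code): it builds the /uas/status URL from the entityID and sessionIndex, interprets the JSON answers shown in steps 3 to 5, and caches a positive answer for a minimum interval so that a busy application does not query the endpoint on every request, which is the load concern raised above. The host name sso.example.com, the offline fake transport and the `_constructed_unknown_index` value are assumptions made for the example; the entityID, sessionIndex and response bodies are the article's own samples.

```python
"""Back-channel session status check against /uas/status (added example)."""
import json
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit
from urllib.request import Request, urlopen

# Values taken from the article's sample request and responses.
ENTITY_ID = "c495bb59-f0ae-430a-9830-ca8228aa58fe"            # OAuth2 client_id
SESSION_INDEX = "_d6ee2628b0d493809650c06b2653083511d6e474"   # session_index claim
SAMPLE_HOST = "sso.example.com"                               # constructed placeholder

# Constructed offline responses keyed by sessionIndex (plus "|refresh" when refresh=true).
SAMPLES = {
    SESSION_INDEX: {"valid": True, "issueInstant": 1499433097694, "refresh": False,
                    "entityID": ENTITY_ID, "sessionIndex": SESSION_INDEX,
                    "sessionNotOnOrAfter": 1499436584471, "authnInstant": 1499432984462},
    SESSION_INDEX + "|refresh": {"valid": True, "issueInstant": 1499433264743, "refresh": True,
                                 "entityID": ENTITY_ID, "sessionIndex": SESSION_INDEX,
                                 "sessionNotOnOrAfter": 1499436864743,
                                 "authnInstant": 1499432984462},
    "_constructed_unknown_index": {"valid": False, "issueInstant": 1495183121690},
}


def build_status_url(host, entity_id, session_index, refresh=False, fmt="application/json"):
    """Build the /uas/status URL: entityID is the SAML2 EntityID or OAuth2 client_id,
    sessionIndex comes from the id_token / userinfo session_index claim."""
    params = {"entityID": entity_id, "sessionIndex": session_index, "type": fmt}
    if refresh:
        params["refresh"] = "true"
    return urlunsplit(("https", host, "/uas/status", urlencode(params, safe="/"), ""))


def http_fetch(url):
    """Real transport: GET the status URL and return the body as text."""
    with urlopen(Request(url, headers={"Accept": "application/json"}), timeout=5) as resp:
        return resp.read().decode("utf-8")


def fake_fetch_factory(responses):
    """Offline stand-in for http_fetch that answers from the SAMPLES table."""
    def fetch(url):
        query = dict(parse_qsl(urlsplit(url).query))
        key = query["sessionIndex"] + ("|refresh" if query.get("refresh") == "true" else "")
        return json.dumps(responses[key])
    return fetch


def sample_body(key):
    """JSON body of one constructed sample response."""
    return json.dumps(SAMPLES[key])


def parse_status(body, now_ms):
    """Interpret a /uas/status JSON body. Returns (valid, remaining_ms, data).
    The session counts as valid only if the server says so AND sessionNotOnOrAfter
    is still in the future on the caller's clock (milliseconds since the epoch)."""
    data = json.loads(body)
    if not data.get("valid"):
        return False, 0, data
    remaining = max(0, int(data["sessionNotOnOrAfter"]) - now_ms)
    return remaining > 0, remaining, data


class SessionStatusClient:
    """Asks /uas/status for a session's state, reusing a fresh positive answer for
    min_interval_ms so the endpoint is not hit on every application request."""

    def __init__(self, host, entity_id, fetch=http_fetch, min_interval_ms=60_000):
        self.host, self.entity_id, self.fetch = host, entity_id, fetch
        self.min_interval_ms = min_interval_ms
        self._cache = {}        # session_index -> (checked_at_ms, valid, not_after_ms)
        self.requests_sent = 0  # counts back-channel calls actually made

    def is_valid(self, session_index, now_ms, refresh=False):
        cached = self._cache.get(session_index)
        if cached and not refresh:
            checked_at, valid, not_after = cached
            # Reuse a positive answer while it is fresh and the session has not expired.
            # A negative answer is stored but never reused: the user may log in again.
            if valid and now_ms - checked_at < self.min_interval_ms and now_ms < not_after:
                return True
        url = build_status_url(self.host, self.entity_id, session_index, refresh=refresh)
        self.requests_sent += 1
        valid, remaining, _ = parse_status(self.fetch(url), now_ms)
        self._cache[session_index] = (now_ms, valid, now_ms + remaining)
        return valid


if __name__ == "__main__":
    client = SessionStatusClient(SAMPLE_HOST, ENTITY_ID, fetch=fake_fetch_factory(SAMPLES))
    now = 1499433097694
    print(build_status_url(SAMPLE_HOST, ENTITY_ID, SESSION_INDEX))
    print("valid:", client.is_valid(SESSION_INDEX, now))
    print("extended:", client.is_valid(SESSION_INDEX, now + 1000, refresh=True))
    print("unknown:", client.is_valid("_constructed_unknown_index", now))
```

To use it against a real deployment, replace the fake transport with http_fetch and pass the application's EntityID or client_id; the cache interval should be shorter than the shortest session lifetime you rely on, and a refresh should only be requested when the application actually intends to extend the user's session.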
