
After a user has logged in interactively, a downstream non-browser application can request the status of the user's session via a back-channel request.

Ubisecure SSO includes the /uas/status endpoint for this purpose.

Step-by-step guide

  1. For the request, you need the EntityID of the SAML2 application or the client_id of the OAuth2 application.

  2. The id_token and userinfo responses contain an OAuth2 extension called session_index. You must pass this session_index value to the non-interactive application and then call our /uas/status endpoint in the back channel using the sessionIndex and entityID parameters.
    The session_index value cannot be used to retrieve user information, only for finding out if there is a valid session or not.

    The response is in JSON format by default. To select the format, send the query parameter “type” with the value “application/xml” or “application/json” for XML or JSON respectively.

  3. If there is a session, the message looks like this:




  4. If there is no session, the message looks like this:






Consider system performance when deciding when and how often to make such requests, to prevent unnecessary load.
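The steps above, sketched as an added Python example (not Ubisecure's own code): it reads session_index from an id_token, builds the /uas/status request URL, and limits how often the back-channel call is made per session. Assumptions: the id_token signature has already been validated by the application, all three parameters travel in the query string, the host names are placeholders, and `fetch` is a hypothetical hook for whatever HTTP client you use, so the response body is passed through unparsed.

```python
import base64
import json
import time
from urllib.parse import urlencode

STATUS_PATH = "/uas/status"  # endpoint named on this page


def session_index_from_id_token(id_token: str) -> str:
    """Read session_index from an id_token that was ALREADY signature-validated."""
    payload_b64 = id_token.split(".")[1]
    payload_b64 += "=" * (-len(payload_b64) % 4)  # restore base64url padding
    claims = json.loads(base64.urlsafe_b64decode(payload_b64))
    return claims["session_index"]


def build_status_url(base_url: str, entity_id: str, session_index: str,
                     fmt: str = "application/json") -> str:
    """Assumption: sessionIndex and entityID are query parameters, like "type"."""
    if fmt not in ("application/json", "application/xml"):
        raise ValueError("unsupported type: " + fmt)
    query = urlencode({"entityID": entity_id, "sessionIndex": session_index, "type": fmt})
    return base_url.rstrip("/") + STATUS_PATH + "?" + query


class ThrottledStatusChecker:
    """Calls /uas/status at most once per min_interval seconds per session."""

    def __init__(self, fetch, base_url, entity_id, min_interval=30.0, clock=time.monotonic):
        self._fetch = fetch          # hypothetical hook: callable(url) -> response body
        self._base_url = base_url
        self._entity_id = entity_id
        self._min_interval = min_interval
        self._clock = clock
        self._cache = {}             # session_index -> (checked_at, body)

    def status(self, session_index: str):
        now = self._clock()
        cached = self._cache.get(session_index)
        if cached and now - cached[0] < self._min_interval:
            return cached[1]         # recent answer reused, no back-channel call
        body = self._fetch(build_status_url(self._base_url, self._entity_id, session_index))
        self._cache[session_index] = (now, body)
        return body
```

The interval is a trade-off: a longer `min_interval` lowers load on the SSO server, but a session that has ended can still be reported as valid for up to that long.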
