In this example, you use Postman to call the API. You can use curl or build your own app if you prefer. For testing, we logged into a basic SAML application using the adapter that we configured for sessions and the unique user key.
If you need a SAML testing app, see PingFacile Facile Decoder.
Using Postman, you can get the user's sessions with the unique user key that you've selected, userPrincipalName in this example. This is a GET request, and you can see that the @ sign in the user identifier is encoded because it's being sent in the URL.
Replace the PingFederate service host name and port with yours, and jsmith%40ad.reba.org with the appropriate user identifier.
In the Headers tab, include the X-XSRF-Header key with a value of PingFederate as shown in the following image.
The following figure shows the Body tab in Postman with the user's session displayed after the GET request was issued.
Now that you can see that the user has sessions, you can make a POST request to the revocation endpoint with the unique identifier. For example:
You won't receive any response body, but you will receive a 200 OK status message.
When you try the GET endpoint again, you'll find that there are no sessions for that user.
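The same GET, POST, GET sequence can be scripted instead of run in Postman. The following Python sketch is an added example, not code from this page or from Ping Identity. The two endpoint paths are assumptions to confirm against your PingFederate version's API documentation, and authentication, which this page does not cover, is left to the transport.

```python
import urllib.parse
import urllib.request

# Header and value taken from the Postman Headers tab described above.
XSRF_HEADER = {"X-XSRF-Header": "PingFederate"}

# Assumed endpoint paths (not shown on this page); verify before use.
SESSIONS_PATH = "/pf-ws/rest/sessionMgmt/users/{key}"
REVOKE_PATH = "/pf-ws/rest/sessionMgmt/users/{key}/revoke"


def build_request(base_url, path_template, user_key, method):
    """Build a request whose user key is percent-encoded for the URL path."""
    # safe="" also encodes "/" and "?", so a key such as "a/b?c" cannot
    # change the path or add a query string; "@" becomes "%40".
    encoded = urllib.parse.quote(user_key, safe="")
    url = base_url.rstrip("/") + path_template.format(key=encoded)
    return urllib.request.Request(url, method=method, headers=XSRF_HEADER)


def send(req):
    """Default transport: returns (status, body). Add the authentication
    your deployment requires; it is not described on this page."""
    with urllib.request.urlopen(req) as resp:
        return resp.status, resp.read().decode()


def revoke_user_sessions(base_url, user_key, transport=send):
    """List sessions, revoke them, then list again to confirm the result."""
    before = transport(build_request(base_url, SESSIONS_PATH, user_key, "GET"))
    status, _ = transport(build_request(base_url, REVOKE_PATH, user_key, "POST"))
    if status != 200:
        # The page states that a successful revocation returns 200 OK.
        raise RuntimeError(f"revocation returned HTTP {status}")
    after = transport(build_request(base_url, SESSIONS_PATH, user_key, "GET"))
    return {"before": before, "revoke_status": status, "after": after}
```

Compare the `before` and `after` bodies to confirm that the user's sessions are gone; the function returns them unparsed because the response format is not shown here.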