In this example, you use Postman to call the API. You can use curl or build your own app if you prefer. For testing, we logged into a basic SAML application using the adapter that we configured for sessions and the unique user key.

Note:

If you need a SAML testing app, see PingFacile Facile Decoder.

Using Postman, you can get the user's sessions with the unique user key that you selected, userPrincipalName in this example. This is a GET request, and the @ sign in the user identifier is URL-encoded as %40 because the identifier is sent in the URL.

Screen capture showing the example GET request, https://pingfed-idp.ad.jibboo.org:9031/pf-ws/rest/sessionMgmt/users/jsmith%40ad.reba.org.

Replace the PingFederate service host name and port with yours, and jsmith%40ad.reba.org with the appropriate user identifier.

Note:

In the Headers tab, include the X-XSRF-Header key with a value of PingFederate as shown in the following image.

Screen capture of the contents of the Headers tab in Postman with the X-XSRF-Header key and the PingFederate value highlighted.

The following figure shows the Body tab in Postman with the user's session displayed after the GET request was issued.

Screen capture showing the session in the Body tab after the GET request was issued.

Now that you can see that the user has sessions, you can make a POST request to the revocation endpoint with the unique identifier. For example:

Screen capture showing the example POST revocation request, https://pingfed-idp.ad.jibboo.org:9031/pf-ws/rest/sessionMgmt/users/jsmith%40ad.reba.org/revoke.

You won't receive any response body, but you will receive a 200 OK status message.

When you try the GET endpoint again, you'll find that there are no sessions for that user.

Screen capture showing no sessions in the Body tab after the POST request was issued.
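The same GET, revoke, GET sequence can be scripted instead of run in Postman. The following Python sketch is an added example, not Ping Identity's code. The function names are hypothetical. The `auth_headers` parameter is an assumption for whatever credentials your deployment requires. Response bodies are treated as plain text because their format is not shown here.

```python
import urllib.request
from urllib.parse import quote

# Host and port from the page's example; replace with your PingFederate host.
PF_BASE = "https://pingfed-idp.ad.jibboo.org:9031"
SESSION_PATH = "/pf-ws/rest/sessionMgmt/users/"
XSRF_HEADER = {"X-XSRF-Header": "PingFederate"}  # header the page requires


def build_request(user_key, revoke=False, base=PF_BASE, auth_headers=None):
    """Build the GET (list sessions) or POST (revoke) request for a user key.

    auth_headers is an assumption: pass whatever credentials your deployment
    requires for this endpoint; the page does not show them.
    """
    # safe="" percent-encodes every reserved character (@ becomes %40, / becomes
    # %2F), so a user key can never add or change path segments.
    url = base + SESSION_PATH + quote(user_key, safe="")
    headers = {**XSRF_HEADER, **(auth_headers or {})}
    if revoke:
        return urllib.request.Request(url + "/revoke", headers=headers, method="POST")
    return urllib.request.Request(url, headers=headers, method="GET")


def revoke_and_verify(user_key, send=urllib.request.urlopen, **kwargs):
    """Run the page's sequence: GET sessions, POST revoke, GET again.

    Returns (body_before, revoke_status, body_after). Bodies are returned as
    text because the page does not document their format.
    """
    def get_sessions():
        with send(build_request(user_key, **kwargs)) as resp:
            return resp.read().decode("utf-8")

    before = get_sessions()
    with send(build_request(user_key, revoke=True, **kwargs)) as resp:
        status = resp.status  # the page reports 200 OK with no response body
    if status != 200:
        raise RuntimeError(f"revocation returned HTTP {status}")
    return before, status, get_sessions()


if __name__ == "__main__":
    # Prints the two request lines without contacting any server.
    for req in (build_request("jsmith@ad.reba.org"),
                build_request("jsmith@ad.reba.org", revoke=True)):
        print(req.get_method(), req.full_url)
```

Compare the first and last returned bodies to confirm that the user's sessions are gone, as the second GET in Postman does.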