The article for the saml2 setup (https://www.baeldung.com/spring-security-saml), fails a SLO. As the it does not mention anything in regard to adding a SP Issuer, which will lead to SP SLO failure, while IDP initiated logins would work well.
The SP Issuer needs to be same as the "Audience Restriction".
I have tried and verified this. As without the SP issuer I can see the following log in my Okta:
Apr 02 19:50:06
Siddharth Baranidharan (User)
User single sign out from app
FAILURE: Issuer does not match
SAML SLO (AppInstance)
Siddharth Baranidharan (AppUser)
Requesting to update the document, will help other folks implement without any issues :)
The article for the saml2 setup (https://www.baeldung.com/spring-security-saml), fails a SLO. As the it does not mention anything in regard to adding a SP Issuer, which will lead to SP SLO failure, while IDP initiated logins would work well.
The SP Issuer needs to be same as the "Audience Restriction".
I have tried and verified this. As without the SP issuer I can see the following log in my Okta:
Requesting to update the document, will help other folks implement without any issues :)