spring-attic / spring-security-saml

SAML extension for the Spring Security project

Single Logout does not send saml LogoutRequest when redirecting. 1.0.9.RELEASE #446

Closed Tyranwyn closed 5 years ago

Tyranwyn commented 5 years ago

So when I log in on the API "/auth/login" and after that log out via "/saml/logout", everything works as expected. The problem only exists when redirecting of some sort is involved.

I'm putting the following URLs in the browser:

localhost:3000/auth/login => localhost:3000/saml/logout --> Works

localhost:3000/auth/login => localhost:3000/logout => localhost:3000/saml/logout with following config: http.logout().clearAuthentication(false).logoutSuccessUrl("/saml/logout"); --> Doesn't work

From frontend:

localhost:4200/ => localhost:3000/auth/login => localhost:4200

localhost:4200/ => localhost:3000/saml/logout --> Doesn't work

When it works, it sends a SAML LogoutRequest to the IdP; when it doesn't, only a local logout is performed.

You guys have any idea?

Tyranwyn commented 5 years ago

OK, I found the issue: for the frontend I'm using a generated JWT token as Authentication and I need to use a SAMLCredential.