Describe the bug
Spring Security is unable to complete SLO successfully if the asserting party (IdP) does not sign the SAMLResponse.
To Reproduce
Configure Spring Security with an appropriate asserting party. For example, ssocircle.com behaves like this and provides free registration.
Make a local POST request to the logoutUrl (e.g. /logout).
15:56:44.555 [XNIO-1 task-4] DEBUG Saml2LogoutResponseFilter - Failed to validate LogoutResponse: [[invalid_signature] Missing signature algorithm for object [s89652e27611a5f8e733de5740a858c3c92b7c7a6]]
Expected behavior
A signed SAMLResponse is not required for SLO.
Additional
An example (decoded) response that triggers this:
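Added example, not part of the original report and not Spring Security code: a diagnostic that reports whether a captured LogoutResponse carries an enveloped XML signature or detached `SigAlg`/`Signature` request parameters, to confirm which case the asserting party is sending. The function name, the sample message and all of its values are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET
import zlib

SAMLP = "{urn:oasis:names:tc:SAML:2.0:protocol}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"

# Constructed sample: an unsigned LogoutResponse; every value is a placeholder.
SAMPLE_UNSIGNED = base64.b64encode(
    b'<samlp:LogoutResponse xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"'
    b' xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"'
    b' ID="_constructed-response-1" InResponseTo="_constructed-request-1"'
    b' Version="2.0" IssueInstant="2024-01-01T00:00:00Z">'
    b'<saml:Issuer>https://idp.example.test</saml:Issuer>'
    b'<samlp:Status><samlp:StatusCode'
    b' Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>'
    b'</samlp:LogoutResponse>'
).decode()


def inspect_logout_response(saml_response, params=None, binding="post"):
    """Report how a LogoutResponse is signed. Presence only, no verification."""
    xml_bytes = base64.b64decode(saml_response, validate=True)
    if binding == "redirect":
        # HTTP-Redirect binding: the message is raw-DEFLATEd before base64
        xml_bytes = zlib.decompress(xml_bytes, -15)
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD or entity declaration in SAML message")
    root = ET.fromstring(xml_bytes)
    if root.tag != SAMLP + "LogoutResponse":
        raise ValueError("not a LogoutResponse: " + root.tag)
    # Enveloped signature: ds:Signature as a direct child of the message
    method = root.find(f"{DS}Signature/{DS}SignedInfo/{DS}SignatureMethod")
    enveloped = root.find(DS + "Signature") is not None
    # Detached signature: SigAlg and Signature sent as request parameters
    params = params or {}
    detached = bool(params.get("SigAlg")) and bool(params.get("Signature"))
    status = root.find(f"{SAMLP}Status/{SAMLP}StatusCode")
    return {
        "id": root.get("ID"),
        "in_response_to": root.get("InResponseTo"),
        "status": status.get("Value") if status is not None else None,
        "enveloped_signature": enveloped,
        "signature_method": method.get("Algorithm") if method is not None else None,
        "detached_signature": detached,
        "signed": enveloped or detached,
    }


if __name__ == "__main__":
    print(inspect_logout_response(SAMPLE_UNSIGNED))
```

The result only states whether signature material is present; it does not validate it against the asserting party's certificate.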