ulisesbocchio / spring-boot-security-saml

spring-security-saml integration with Spring Boot
MIT License

Logout success redirect property? #48

Closed venkatpathy closed 6 years ago

venkatpathy commented 6 years ago

Hi, I may have to handle something post logout success. What is the logout success redirect URL property, if there is any? Thanks

trblft commented 6 years ago

Hi, did you try this?

    saml.sso.logout.logout-url = /saml/logout
    saml.sso.logout.single-logout-url = /saml/SingleLogout

You can check this page too: https://github.com/ulisesbocchio/spring-boot-security-saml/blob/master/docs/properties/config-properties.md

venkatpathy commented 6 years ago

I was able to achieve the post redirect with the below:

    saml.sso.logout.default-target-url=/logout

But when I use the above property, the below doesn't seem to work for some reason:

    saml.sso.default-success-url=/home

Instead of redirecting to "/home" after successful login, it redirects to "/". I had to write a controller to redirect those requests to "/home" instead. Not sure why.

trblft commented 6 years ago

Is the auth working? Do you see some auth success message in the log when adding this?

    logging.level.org.springframework.security.saml = DEBUG

trblft commented 6 years ago

Did you use that too?

    saml.sso.sso-processing-url

venkatpathy commented 6 years ago

Yes, I did see some message:

    o.s.security.saml.log.SAMLDefaultLogger : AuthNRequest;SUCCESS;.......

No, I have not used the property "saml.sso.sso-processing-url".

ulisesbocchio commented 6 years ago

@venkatpathy the right answer is:

    saml.sso.logout.default-target-url=/logout

But with that alone the sample app won't work, since now the default target URL ("/") is protected. The plugin automatically opens the URLs defined throughout that are for error handling or logout. That's why you see that it is not taking you to /home after login. Also notice that it is not taking you to / when you go to http://localhost:8080, and is instead taking you directly to the IDP selection. This is because / is NOW protected, so the SSO is initiated, then after login you go back to the resource you wanted to go to, in this case /. The index page at / has a link to /home, and since that is protected, when you click it, SSO is initiated and then you get back to /home. If you want / to be open, just add:

        @Override
        public void configure(HttpSecurity http) throws Exception {
            http.authorizeRequests()
                .regexMatchers("/")
                .permitAll();
        }

That will give you the same behavior as before, with a callback to /logout after successful logout.