vdenotaris / spring-boot-security-saml-sample

SBS3 — A sample SAML 2.0 Service Provider built on Spring Boot.
https://sbs3.vdenotaris.com
Apache License 2.0

Is a default LogoutFilter needed? #41

Closed FlasH-RUS closed 6 years ago

FlasH-RUS commented 6 years ago

Hi! First, thanks for this sample :) Second, I have a question (that may resolve into an actual issue). Why does your WebSecurityConfig contain a default Spring LogoutFilter configuration:

        http
            .logout()
                .logoutSuccessUrl("/");

From what I understand after hours spent on making Spring SAML work correctly, it (Spring SAML) overrides the default logout behavior with its own (available at /saml/logout), therefore the default Spring LogoutFilter doesn't make sense anymore (it's still available by POST to /logout, but it literally does nothing except for redirecting to /). So since LogoutConfigurer comes as a default and WebSecurityConfig uses defaults (by reusing a default constructor which in turn calls this(false)), does it make sense to replace the snippet above with http.logout.disable(); at least to avoid confusion?
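For reference, the configuration the question is arguing for, written out as an added example that is not code from this repository: the Spring Security SAML extension's `SAMLLogoutFilter` (SP-initiated logout, default URL `/saml/logout`) and `SAMLLogoutProcessingFilter` (IdP-initiated LogoutRequest/LogoutResponse, default URL `/saml/SingleLogout`) are registered in the SAML filter chain, and the stock `LogoutConfigurer` is disabled so that `POST /logout` no longer exists as a silent no-op that only redirects to `/`. The class name `SamlLogoutConfig`, the handler bean names and the URL patterns are assumptions for illustration; a real SP also registers the SSO, metadata and WebSSO processing filters in the same chain.

```java
import java.util.ArrayList;
import java.util.List;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.saml.SAMLLogoutFilter;
import org.springframework.security.saml.SAMLLogoutProcessingFilter;
import org.springframework.security.web.DefaultSecurityFilterChain;
import org.springframework.security.web.FilterChainProxy;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.logout.LogoutHandler;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
import org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

// Added example (not the sample project's own WebSecurityConfig): SAML logout
// endpoints stay, the default Spring Security LogoutFilter goes away.
@Configuration
@EnableWebSecurity
public class SamlLogoutConfig extends WebSecurityConfigurerAdapter {

    // Where the browser is sent once local (and, if requested, global) logout completes.
    @Bean
    public LogoutSuccessHandler successLogoutHandler() {
        SimpleUrlLogoutSuccessHandler handler = new SimpleUrlLogoutSuccessHandler();
        handler.setDefaultTargetUrl("/");
        return handler;
    }

    // Clears the SecurityContext and invalidates the HTTP session on logout.
    @Bean
    public LogoutHandler logoutHandler() {
        SecurityContextLogoutHandler handler = new SecurityContextLogoutHandler();
        handler.setInvalidateHttpSession(true);
        handler.setClearAuthentication(true);
        return handler;
    }

    // SP-initiated logout: local handlers run for a local-only logout,
    // global handlers run before a LogoutRequest is sent to the IdP.
    @Bean
    public SAMLLogoutFilter samlLogoutFilter() {
        return new SAMLLogoutFilter(successLogoutHandler(),
                new LogoutHandler[] { logoutHandler() },
                new LogoutHandler[] { logoutHandler() });
    }

    // IdP-initiated logout: processes incoming LogoutRequest / LogoutResponse messages.
    @Bean
    public SAMLLogoutProcessingFilter samlLogoutProcessingFilter() {
        return new SAMLLogoutProcessingFilter(successLogoutHandler(), logoutHandler());
    }

    // Only the two logout chains are shown here; the SAML entry point, metadata
    // and WebSSO processing filters would be added to the same list.
    @Bean
    public FilterChainProxy samlFilter() {
        List<SecurityFilterChain> chains = new ArrayList<>();
        chains.add(new DefaultSecurityFilterChain(
                new AntPathRequestMatcher("/saml/logout/**"), samlLogoutFilter()));
        chains.add(new DefaultSecurityFilterChain(
                new AntPathRequestMatcher("/saml/SingleLogout/**"), samlLogoutProcessingFilter()));
        return new FilterChainProxy(chains);
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .addFilterBefore(samlFilter(), BasicAuthenticationFilter.class)
            .authorizeRequests()
                .antMatchers("/saml/**").permitAll()
                .anyRequest().authenticated()
                .and()
            // Remove the stock LogoutFilter: with Spring SAML in place, POST /logout
            // would otherwise only redirect to "/" without ending the SAML session.
            .logout().disable();
    }
}
```

A quick check that the change did what was intended: after startup, `POST /logout` should fall through to the authorization rules (an authenticated user gets a 404 for the missing handler rather than a redirect to `/`), while `GET /saml/logout` still clears the local session and, with `local=false`, sends a LogoutRequest to the IdP. The session-invalidation and `clearAuthentication` flags on `SecurityContextLogoutHandler` are what make the local half of the logout actually terminate the session instead of just changing the page.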

vdenotaris commented 6 years ago

Your suggestion is absolutely right. This issue will be fixed in the next release. Thanks a lot for your contribution. 👍