diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticatedPrincipal.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticatedPrincipal.java
index 69eb9d7628..80e67376e6 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticatedPrincipal.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticatedPrincipal.java
@@ -77,6 +77,11 @@ public interface Saml2AuthenticatedPrincipal extends AuthenticatedPrincipal, Sam
  return null;
  }
+ @Override
+ default String getNameId() {
+ return getName();
+ }
+
  @Override
  default List getSessionIndexes() {
  return Collections.emptyList();
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationInfo.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationInfo.java
index 309e2a909b..db412f026e 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationInfo.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationInfo.java
@@ -18,6 +18,7 @@ package org.springframework.security.saml2.provider.service.authentication;
 import java.util.List;
+import org.opensaml.saml.saml2.core.NameID;
 import org.opensaml.saml.saml2.core.SessionIndex;
 import org.springframework.security.core.Authentication;
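Review bot: The new default `getNameId()` in `Saml2AuthenticatedPrincipal` carries no Javadoc, and its fallback to `getName()` is only right when the principal name is the NameID value the asserting party issued. An implementation that overrides `getName()` to expose some other identifier would still have that value sent as the logout `<NameID>` unless it also overrides this method. I would document that on the default, e.g. `/** Defaults to {@link #getName()}; override when the principal name is not the asserting party's NameID value. */`. The interface body starts and ends outside the hunk.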
@@ -41,6 +42,12 @@ public interface Saml2AuthenticationInfo {
  */
  String getRelyingPartyRegistrationId();
+ /**
+ * Get the {@link NameID} value of the authenticated principal
+ * @return the {@link NameID} value of the authenticated principal
+ */
+ String getNameId();
+
  /**
  * Get the {@link SessionIndex} values of the authenticated principal
  * @return the {@link SessionIndex} values of the authenticated principal
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/authentication/logout/BaseOpenSamlLogoutRequestResolver.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/authentication/logout/BaseOpenSamlLogoutRequestResolver.java
index c4550b632f..1f0e99db32 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/authentication/logout/BaseOpenSamlLogoutRequestResolver.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/authentication/logout/BaseOpenSamlLogoutRequestResolver.java
@@ -147,16 +147,19 @@ final class BaseOpenSamlLogoutRequestResolver implements Saml2LogoutRequestResol
  issuer.setValue(entityId);
  logoutRequest.setIssuer(issuer);
  NameID nameId = this.nameIdBuilder.buildObject();
- nameId.setValue(authentication.getName());
  logoutRequest.setNameID(nameId);
  Saml2AuthenticationInfo info = Saml2AuthenticationInfo.fromAuthentication(authentication);
  if (info != null) {
+ nameId.setValue(info.getNameId());
  for (String index : info.getSessionIndexes()) {
  SessionIndex sessionIndex = this.sessionIndexBuilder.buildObject();
  sessionIndex.setValue(index);
  logoutRequest.getSessionIndexes().add(sessionIndex);
  }
  }
+ else {
+ nameId.setValue(authentication.getName());
+ }
  logoutRequest.setIssueInstant(Instant.now(this.clock));
  this.parametersConsumer
  .accept(new LogoutRequestParameters(request, registration, authentication, logoutRequest));
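Review bot: `getNameId()` is added to the public `Saml2AuthenticationInfo` interface as an abstract method, so every implementation other than `Saml2AuthenticatedPrincipal` (which gets a default in this commit) has to add it or it no longer compiles. No other implementations are visible in this diff, so this may already be covered elsewhere. If it is not, a default here or a note in the Javadoc about the new requirement would help implementers. The interface body starts and ends outside the hunk.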
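Review bot: In `BaseOpenSamlLogoutRequestResolver`, `nameId.setValue(info.getNameId())` uses the returned value without checking it, and the new Javadoc on `getNameId()` does not say whether null is allowed. If an implementation returns null, the LogoutRequest goes out with an empty `<NameID>`, where the old code always sent `authentication.getName()`; the asserting party would presumably be unable to match it to a session, leaving that session alive after local logout. Falling back keeps the previous behaviour: `String value = (info != null) ? info.getNameId() : null;` followed by `nameId.setValue((value != null) ? value : authentication.getName());`, which also removes the need for the added `else` branch. The enclosing method starts and ends outside the hunk.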