From e528923878094e4ee58c25d9b82e67821fe3e515 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 11 Dec 2024 03:08:32 +0000
Subject: [PATCH 1/3] Bump io.projectreactor:reactor-bom from 2023.0.12 to
 2023.0.13

Bumps [io.projectreactor:reactor-bom](https://github.com/reactor/reactor) from 2023.0.12 to 2023.0.13.
- [Release notes](https://github.com/reactor/reactor/releases)
- [Commits](https://github.com/reactor/reactor/compare/2023.0.12...2023.0.13)

---
updated-dependencies:
- dependency-name: io.projectreactor:reactor-bom
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 gradle/libs.versions.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml
index 1f4477c336..a4dc106d86 100644
--- a/gradle/libs.versions.toml
+++ b/gradle/libs.versions.toml
@@ -28,7 +28,7 @@ com-unboundid-unboundid-ldapsdk = "com.unboundid:unboundid-ldapsdk:6.0.11"
 commons-collections = "commons-collections:commons-collections:3.2.2"
 io-micrometer-micrometer-observation = "io.micrometer:micrometer-observation:1.12.13"
 io-mockk = "io.mockk:mockk:1.13.13"
-io-projectreactor-reactor-bom = "io.projectreactor:reactor-bom:2023.0.12"
+io-projectreactor-reactor-bom = "io.projectreactor:reactor-bom:2023.0.13"
 io-rsocket-rsocket-bom = { module = "io.rsocket:rsocket-bom", version.ref = "io-rsocket" }
 io-spring-javaformat-spring-javaformat-checkstyle = { module = "io.spring.javaformat:spring-javaformat-checkstyle", version.ref = "io-spring-javaformat" }
 io-spring-javaformat-spring-javaformat-gradle-plugin = { module = "io.spring.javaformat:spring-javaformat-gradle-plugin", version.ref = "io-spring-javaformat" }

From 7aafe2ed5ab654b5136a1764bdf86a5911ac2c63 Mon Sep 17 00:00:00 2001
From: Steven Williams <swilliamsjr61@gmail.com>
Date: Thu, 14 Nov 2024 16:39:12 -0500
Subject: [PATCH 2/3] Set
 Saml2RelyingPartyInitiatedLogoutSuccessHandler#logoutRequestRepository

Closes gh-16093
---
 .../security/config/http/Saml2LogoutBeanDefinitionParser.java    | 1 +
 1 file changed, 1 insertion(+)

diff --git a/config/src/main/java/org/springframework/security/config/http/Saml2LogoutBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/Saml2LogoutBeanDefinitionParser.java
index 5f894cf8d8..545f0f06c6 100644
--- a/config/src/main/java/org/springframework/security/config/http/Saml2LogoutBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/Saml2LogoutBeanDefinitionParser.java
@@ -147,6 +147,7 @@ final class Saml2LogoutBeanDefinitionParser implements BeanDefinitionParser {
 		BeanMetadataElement saml2LogoutRequestSuccessHandler = BeanDefinitionBuilder
 			.rootBeanDefinition(Saml2RelyingPartyInitiatedLogoutSuccessHandler.class)
 			.addConstructorArgValue(logoutRequestResolver)
+			.addPropertyValue("logoutRequestRepository", logoutRequestRepository)
 			.getBeanDefinition();
 		this.logoutFilter = BeanDefinitionBuilder.rootBeanDefinition(LogoutFilter.class)
 			.addConstructorArgValue(saml2LogoutRequestSuccessHandler)

From 643a3f12064d41b9f00cb4ed0c8986e0366cad44 Mon Sep 17 00:00:00 2001
From: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
Date: Thu, 19 Dec 2024 08:49:07 -0700
Subject: [PATCH 3/3] Test Setting logoutRequestRepository

Issue gh-16093
---
 .../saml2/Saml2LogoutConfigurerTests.java       |  1 +
 .../Saml2LogoutBeanDefinitionParserTests.java   | 17 +++++++++++++++++
 2 files changed, 18 insertions(+)

diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LogoutConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LogoutConfigurerTests.java
index 187c0979a2..8926f0092b 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LogoutConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LogoutConfigurerTests.java
@@ -484,6 +484,7 @@ public class Saml2LogoutConfigurerTests {
 		verify(getBean(Saml2LogoutResponseValidator.class)).validate(any());
 	}
 
+	// gh-11363
 	@Test
 	public void saml2LogoutWhenCustomLogoutRequestRepositoryThenUses() throws Exception {
 		this.spring.register(Saml2LogoutComponentsConfig.class).autowire();
diff --git a/config/src/test/java/org/springframework/security/config/http/Saml2LogoutBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/http/Saml2LogoutBeanDefinitionParserTests.java
index 152525d4a2..d51349440a 100644
--- a/config/src/test/java/org/springframework/security/config/http/Saml2LogoutBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/Saml2LogoutBeanDefinitionParserTests.java
@@ -63,6 +63,7 @@ import org.springframework.web.util.UriUtils;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.hamcrest.Matchers.containsString;
 import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.atLeastOnce;
 import static org.mockito.Mockito.verify;
@@ -380,6 +381,22 @@ public class Saml2LogoutBeanDefinitionParserTests {
 		verify(getBean(Saml2LogoutResponseValidator.class)).validate(any());
 	}
 
+	// gh-11363
+	@Test
+	public void saml2LogoutWhenCustomLogoutRequestRepositoryThenUses() throws Exception {
+		this.spring.configLocations(this.xml("CustomComponents")).autowire();
+		RelyingPartyRegistration registration = this.repository.findByRegistrationId("get");
+		Saml2LogoutRequest logoutRequest = Saml2LogoutRequest.withRelyingPartyRegistration(registration)
+			.samlRequest(this.rpLogoutRequest)
+			.id(this.rpLogoutRequestId)
+			.relayState(this.rpLogoutRequestRelayState)
+			.parameters((params) -> params.put("Signature", this.rpLogoutRequestSignature))
+			.build();
+		given(getBean(Saml2LogoutRequestResolver.class).resolve(any(), any())).willReturn(logoutRequest);
+		this.mvc.perform(post("/logout").with(authentication(this.saml2User)).with(csrf()));
+		verify(getBean(Saml2LogoutRequestRepository.class)).saveLogoutRequest(eq(logoutRequest), any(), any());
+	}
+
 	private <T> T getBean(Class<T> clazz) {
 		return this.spring.getContext().getBean(clazz);
 	}