Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-05-31 01:02:14 +00:00
Code Issues Packages Projects Releases Wiki Activity

Remove SAML 2.0 Logout Default

Browse Source 
Closes gh-10607
This commit is contained in:
Josh Cummings 2021-12-17 16:05:39 -07:00
parent 6c5ac0d8ec
commit 20c252982e
2 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
docs/modules/ROOT/pages/servlet/saml2/logout.adoc
View File

@ -35,6 +35,7 @@ RelyingPartyRegistrationRepository registrations() {
RelyingPartyRegistration registration = RelyingPartyRegistrations RelyingPartyRegistration registration = RelyingPartyRegistrations
.fromMetadataLocation("https://ap.example.org/metadata") .fromMetadataLocation("https://ap.example.org/metadata")
.registrationId("id") .registrationId("id")
.singleLogoutServiceLocation("{baseUrl}/logout/saml2/slo")
.signingX509Credentials((signing) -> signing.add(credential)) <1> .signingX509Credentials((signing) -> signing.add(credential)) <1>
.build(); .build();
return new InMemoryRelyingPartyRegistrationRepository(registration); return new InMemoryRelyingPartyRegistrationRepository(registration);
@ -73,6 +74,10 @@ Also, your application can participate in an AP-initiated logout when the assert
3. Create, sign, and serialize a `<saml2:LogoutResponse>` based on the xref:servlet/saml2/login/overview.adoc#servlet-saml2login-relyingpartyregistration[`RelyingPartyRegistration`] associated with the just logged-out user 3. Create, sign, and serialize a `<saml2:LogoutResponse>` based on the xref:servlet/saml2/login/overview.adoc#servlet-saml2login-relyingpartyregistration[`RelyingPartyRegistration`] associated with the just logged-out user
4. Send a redirect or post to the asserting party based on the xref:servlet/saml2/login/overview.adoc#servlet-saml2login-relyingpartyregistration[`RelyingPartyRegistration`] 4. Send a redirect or post to the asserting party based on the xref:servlet/saml2/login/overview.adoc#servlet-saml2login-relyingpartyregistration[`RelyingPartyRegistration`]
NOTE: Adding `saml2Logout` adds the capability for logout to the service provider.
Because it is an optional capability, you need to enable it for each individual `RelyingPartyRegistration`.
You can do this by setting the `RelyingPartyRegistration.Builder#singleLogoutServiceLocation` property.
== Configuring Logout Endpoints == Configuring Logout Endpoints
There are three behaviors that can be triggered by different endpoints: There are three behaviors that can be triggered by different endpoints:

2
saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistration.java
View File

@ -1014,7 +1014,7 @@ public final class RelyingPartyRegistration {
private Saml2MessageBinding assertionConsumerServiceBinding = Saml2MessageBinding.POST; private Saml2MessageBinding assertionConsumerServiceBinding = Saml2MessageBinding.POST;
private String singleLogoutServiceLocation = "{baseUrl}/logout/saml2/slo"; private String singleLogoutServiceLocation;
private String singleLogoutServiceResponseLocation; private String singleLogoutServiceResponseLocation;