diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LogoutConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LogoutConfigurerTests.java
index e13bddf707..047f48c809 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LogoutConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LogoutConfigurerTests.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2022 the original author or authors.
+ * Copyright 2002-2024 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -371,7 +371,7 @@ public class Saml2LogoutConfigurerTests {
 }
 @Test
- public void saml2LogoutRequestWhenNoRegistrationThen400() throws Exception {
+ public void saml2LogoutRequestWhenNoRegistrationThen401() throws Exception {
 this.spring.register(Saml2LogoutDefaultsConfig.class).autowire();
 DefaultSaml2AuthenticatedPrincipal principal = new DefaultSaml2AuthenticatedPrincipal("user", Collections.emptyMap());
@@ -384,19 +384,19 @@ public class Saml2LogoutConfigurerTests {
 .param("SigAlg", this.apLogoutRequestSigAlg)
 .param("Signature", this.apLogoutRequestSignature)
 .with(authentication(user)))
- .andExpect(status().isBadRequest());
+ .andExpect(status().isUnauthorized());
 verifyNoInteractions(getBean(LogoutHandler.class));
 }
 @Test
- public void saml2LogoutRequestWhenInvalidSamlRequestThen401() throws Exception {
+ public void saml2LogoutRequestWhenInvalidSamlRequestThen302Redirect() throws Exception {
 this.spring.register(Saml2LogoutDefaultsConfig.class).autowire();
 this.mvc
 .perform(get("/logout/saml2/slo").param("SAMLRequest", this.apLogoutRequest)
 .param("RelayState", this.apLogoutRequestRelayState)
 .param("SigAlg", this.apLogoutRequestSigAlg)
 .with(authentication(this.user)))
- .andExpect(status().isUnauthorized());
+ .andExpect(status().isFound());
 verifyNoInteractions(getBean(LogoutHandler.class));
 }
diff --git a/config/src/test/java/org/springframework/security/config/http/Saml2LogoutBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/http/Saml2LogoutBeanDefinitionParserTests.java
index d51349440a..141f14701f 100644
--- a/config/src/test/java/org/springframework/security/config/http/Saml2LogoutBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/Saml2LogoutBeanDefinitionParserTests.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2022 the original author or authors.
+ * Copyright 2002-2024 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
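Review bot: In Saml2LogoutConfigurerTests, `saml2LogoutRequestWhenInvalidSamlRequestThen302Redirect` accepts any 302 for a logout request sent without a `Signature` parameter, and nothing pins where the redirect goes or what it carries. Presumably the filter now answers with an error LogoutResponse addressed to the registered asserting party; if so, the test should say so, for example `.andExpect(header().string("Location", containsString("SAMLResponse=")))`, together with a check that the Location begins with the registration's single-logout response location rather than anything taken from the request. Without that, a regression that redirects to a request-influenced URL would still pass. The same bare `status().isFound()` appears in the same-named test in Saml2LogoutBeanDefinitionParserTests.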
@@ -271,7 +271,7 @@ public class Saml2LogoutBeanDefinitionParserTests {
 }
 @Test
- public void saml2LogoutRequestWhenNoRegistrationThen400() throws Exception {
+ public void saml2LogoutRequestWhenNoRegistrationThen401() throws Exception {
 this.spring.configLocations(this.xml("Default")).autowire();
 DefaultSaml2AuthenticatedPrincipal principal = new DefaultSaml2AuthenticatedPrincipal("user", Collections.emptyMap());
@@ -284,18 +284,18 @@ public class Saml2LogoutBeanDefinitionParserTests {
 .param("SigAlg", this.apLogoutRequestSigAlg)
 .param("Signature", this.apLogoutRequestSignature)
 .with(authentication(user)))
- .andExpect(status().isBadRequest());
+ .andExpect(status().isUnauthorized());
 }
 @Test
- public void saml2LogoutRequestWhenInvalidSamlRequestThen401() throws Exception {
+ public void saml2LogoutRequestWhenInvalidSamlRequestThen302Redirect() throws Exception {
 this.spring.configLocations(this.xml("Default")).autowire();
 this.mvc
 .perform(get("/logout/saml2/slo").param("SAMLRequest", this.apLogoutRequest)
 .param("RelayState", this.apLogoutRequestRelayState)
 .param("SigAlg", this.apLogoutRequestSigAlg)
 .with(authentication(this.saml2User)))
- .andExpect(status().isUnauthorized());
+ .andExpect(status().isFound());
 }
 @Test
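Review bot: In Saml2LogoutBeanDefinitionParserTests, both changed tests assert only the status code and have no counterpart to the `verifyNoInteractions(getBean(LogoutHandler.class))` check that the Java-config tests keep. That gap matters more now that the invalid-request case expects 302, which is presumably also what an accepted logout request returns, so `saml2LogoutRequestWhenInvalidSamlRequestThen302Redirect` would still pass if the unsigned request were honoured and the user logged out. Add an assertion that the session was left alone, for example `.andExpect(authenticated())` if that test-support matcher fits this setup, or a check on the Location that the returned LogoutResponse is not a success. The first test's body begins in the preceding hunk.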