Alic

Reputation: 648

Spring Security SAML Extension - callback for Single Log Out from Idp

I am currently integrating SAML into our web application. How do I set up my application to listen for logout requests sent by the IdP (when the user logs out globally from another SP)?

I have read through the reference but it doesn't talk about this scenario. It only talks about global logout initiated by the SP.

Upvotes: 2

Views: 1736

Answers (1)

Spring SAML conforms to the SAML 2.0 Single Logout profile, and the documentation says Single Logout can be initialized from any of the participating SPs or from the IDP.

There's nothing extra you need to do, simply configure your IDP to send LogoutRequest to the /saml/SingleLogout endpoint of Spring SAML. The endpoint is defined in the default generated metadata.

Please note that only HTTP-POST and HTTP-Redirect bindings are supported for the Single Logout.

You can customize Global Logout behavior by changing LogoutHandler in the SAMLLogoutProcessingFilter.

Upvotes: 2
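
As an illustration of the LogoutHandler customization mentioned in the answer above, here is an added example (not code from the answer or from the Spring SAML project) that registers an audit handler ahead of the session-clearing handler in the SAMLLogoutProcessingFilter. The class names SloConfig and AuditLogoutHandler, the logger name and the "/" target URL are assumptions.

```java
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.core.Authentication;
import org.springframework.security.saml.SAMLCredential;
import org.springframework.security.saml.SAMLLogoutProcessingFilter;
import org.springframework.security.web.authentication.logout.LogoutHandler;
import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
import org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler;

@Configuration
public class SloConfig { // hypothetical class name

    private static final Logger AUDIT = LoggerFactory.getLogger("audit.slo"); // assumed logger name

    /** Hypothetical handler: records which user was logged out and by which IdP. */
    static class AuditLogoutHandler implements LogoutHandler {
        @Override
        public void logout(HttpServletRequest req, HttpServletResponse res, Authentication auth) {
            // No local session: the LogoutRequest arrived for a user who is not logged in here.
            if (auth == null || !(auth.getCredentials() instanceof SAMLCredential)) {
                AUDIT.info("SLO received from {} with no local SAML session", req.getRemoteAddr());
                return;
            }
            SAMLCredential cred = (SAMLCredential) auth.getCredentials();
            // Strip CR/LF so an attribute value cannot forge extra audit lines.
            String nameId = cred.getNameID().getValue().replaceAll("[\\r\\n]", "_");
            AUDIT.info("SLO for nameId={} idp={}", nameId, cred.getRemoteEntityID());
        }
    }

    /** Filter that serves /saml/SingleLogout; handlers run in the order given. */
    @Bean
    public SAMLLogoutProcessingFilter samlLogoutProcessingFilter() {
        SimpleUrlLogoutSuccessHandler success = new SimpleUrlLogoutSuccessHandler();
        success.setDefaultTargetUrl("/"); // assumed landing page after logout

        SecurityContextLogoutHandler clearSession = new SecurityContextLogoutHandler();
        clearSession.setInvalidateHttpSession(true); // drop the local HTTP session

        // Audit first, while the Authentication is still available, then clear the session.
        return new SAMLLogoutProcessingFilter(success, new AuditLogoutHandler(), clearSession);
    }
}
```

Keep the session-clearing handler in the list: if it is replaced rather than supplemented, an IdP-initiated logout would leave the local session alive.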
