• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Ron McLeod
  • Tim Cooke
  • Liutauras Vilda
  • Jeanne Boyarsky
Sheriffs:
  • Paul Clapham
  • Rob Spoor
  • Junilu Lacar
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Piet Souris
  • Carey Brown
Bartenders:

Back-channel logout request format in Spring Security SAML

 
Greenhorn
Posts: 1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I am working on implementing single logout functionality when Spring Security SAML extension is used. In this scenario, a back-channel request has to be sent to Spring security SAML Single Logout endpoint from the identity provider(WSO2 identity server), when initiating single logout request from another application. The issue is in the format of the back-channel logout request sent to the spring security application. I have tried to send the requests in following [1] and [2] formats, but received [3] and [4] as the responses respectively.

Please help me on identifying the proper format that need to be sent as the back-channel logout request to the Spring Security application.

[1]SAML request :

<saml2p:LogoutRequest>
<saml2:Issuer>...</saml2:Issuer>...
</saml2p:LogoutRequest>

[2]SAML SOAP binding :

<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP-ENV:Body>
<saml2p:LogoutRequest>
<saml2:Issuer>...</saml2:Issuer>...
</saml2p:LogoutRequest>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>

[3]Response : Moved Temporarily, Status Code : 302

[4]Response : Internal Server Error, Status Code : 500

Reference :

http://docs.spring.io/spring-security-saml/docs/current/reference/html/chapter-quick-start.html

https://docs.oasis-open.org/security/saml/v2.0/saml-bindings-2.0-os.pdf
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
reply
    Bookmark Topic Watch Topic
  • New Topic