Expected Behavior On successful saml2logout, there must be successUrl or handler that will redirect to page of our choice
Current Behavior
On successful sam2logout, it is redirected to /login?logout. which is forcing me to login page again.
Context
Hi I have a requirement that i need to re-direct to specific page (not login page) on successful logout. For saml2login , there is defaultSuccessUrl but could not find any such thing for logout. Is there any work around for me to achieve that?
Comment From: jzheaux
By default, saml2logout() inherits from the logout(). So you can do:
http
.logout((logout) -> logout.logoutSuccessUrl("/myLogoutSuccessUrl"))
.saml2Logout(Customizer.withDefaults())
Does that approach work for your situation? I'm wondering if you are needing a different logout success endpoint for SAML.
Comment From: lightyear13
Thanks @jzheaux , your suggestion is working. In my case i don't need a different logout success endpoint
Comment From: hxie-axiad
@jzheaux I tried your approach, and I have a custom logout success handler, but my custom logout success handler will not be run.
Based on my debugging, the SAML logoutFilter is always added on top of the custom logoutFilter. This causes the logout request will be always processed by the SAML logoutFillter first. Once the SAML logoutFilter process is finished, the custom logoutFilter will be skipped, because of this condition check, and the success handler will be skipped.
if (requiresLogout(request, response)) {
...
}
I also tried using logoutSuccessUrl directly, but it's still the same issue.
I am using spring boot 2.7.4.
Comment From: jzheaux
the SAML logoutFilter is always added on top of the custom logoutFilter
@hxie-axiad, I'm not clear on what you mean about a "custom logoutFilter". Could you please share your configuration, what you are expecting to happen and what is actually happening?
Comment From: spring-projects-issues
If you would like us to look at this issue, please provide the requested information. If the information is not provided within the next 7 days this issue will be closed.
Comment From: spring-projects-issues
Closing due to lack of requested feedback. If you would like us to look at this issue, please provide the requested information and we will re-open the issue.
Comment From: shashigit7
When I use the following configuration
http .logout((logout) -> logout.logoutSuccessUrl("/myLogoutSuccessUrl")) .saml2Logout(Customizer.withDefaults())
It is getting logged out from local session but not redirecting to saml logout. Im I missing any configuration? . Im using spring security 6.x and spring boot 3.2.5
Comment From: jzheaux
@shashigit7, there is probably more to your configuration that will be relevant to answering your question. Please review the logout documentation and see this logout sample.
If that doesn't help get you unstuck, will you please post a question to StackOverflow, paste that link here, and then I and others can help you debug over there?