Hi,
I am running 1.0.0 RC1 and cannot get global or local logout to work.
1. Go to http://<server>:<port>/spring-security-saml2-sample/index.jsp
2. Get redirected to my IDP
3. Do login at IDP
4. I am redirected back to "http://<server>:<port>/spring-security-saml2-sample/index.jsp;jsessionid=69A8A4BDFCE9D12AE003CB2AFC69E808"
On this page, I see:
User has been authenticated
...
and the links at the bottom:
Global Logout
Local Logout
5. Click on "Global Logout" link
6. I end up on http://<server>:<port>/spring-security-saml2-sample/logout.jsp
and see:
You have been logged out.
Back to index
7. When I click the "Back to index" link, I still see what I saw in step 4 -- like I was never logged out.
The only difference I can see is that the URL in the browser is now just (no jsessionid parameter):
"http://<server>:<port>/spring-security-saml2-sample/index.jsp"
When I remote debug into the processLogout() method in SAMLLogoutFilter, on line 124:
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
SecurityContextHolder.getContext().getAuthentication() returns null and is assigned to "auth"
Since the next line checks whether "auth" is null:
if (auth != null && isGlobalLogout(request, auth)) {
most of the logout code seems to be skipped.
If I try "Local logout", I see the same behavior.
Any information or hints on why I would be running into this condition or how to get logout to work would be greatly appreciated.