So far, we have seen how we can run the sample SAML application. Now, we will look at how Spring Security supports SAML logout. First, we will see how SAML logout works and then we will see the class that is supported by Spring Security for SAML logout.
SAML supports single sign-on, so we can say that it supports single logout as well.
The IDP determines which SPs are authenticated for a given user session. If there are no SPs other than the SP that sent the logout request, the profile proceeds with issuing a LogoutResponse to the SP that sent the logout request. Otherwise, a LogoutRequest issued by the IDP to the SP and a LogoutResponse issued by the SP to the IDP are repeated for each SP. Finally, the IDP issues a LogoutResponse to the SP that sent the logout request.
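The following added example (not code from the book or from Spring Security) traces the message order described above for a constructed session. The class, method and SP names are hypothetical. It goes one step beyond the text by also showing the case where an SP does not answer, using the `PartialLogout` second-level status code defined in the SAML 2.0 core specification.

```java
import java.util.ArrayList;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;

// Added illustration of the single logout message order; not Spring Security code.
// Class, method and SP names are hypothetical, and no SAML messages are built.
public class SingleLogoutFlow {
    static final String SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success";
    static final String PARTIAL = "urn:oasis:names:tc:SAML:2.0:status:PartialLogout";

    /** Returns the ordered messages for a logout started by initiatingSp. */
    static List<String> logout(Set<String> sessionSps, String initiatingSp, Set<String> unreachable) {
        List<String> trace = new ArrayList<>();
        trace.add(initiatingSp + " -> IDP: LogoutRequest");
        boolean allLoggedOut = true;
        // The IDP repeats request/response for every other SP in the user session.
        for (String sp : sessionSps) {
            if (sp.equals(initiatingSp)) {
                continue; // the initiator gets the final LogoutResponse instead
            }
            trace.add("IDP -> " + sp + ": LogoutRequest");
            if (unreachable.contains(sp)) {
                allLoggedOut = false; // this SP's local session may still be alive
                trace.add(sp + " -> IDP: (no LogoutResponse)");
            } else {
                trace.add(sp + " -> IDP: LogoutResponse " + SUCCESS);
            }
        }
        // Last step: the IDP answers the SP that started the logout.
        // On failure: top-level Success with second-level PartialLogout.
        String status = allLoggedOut ? SUCCESS : SUCCESS + " / " + PARTIAL;
        trace.add("IDP -> " + initiatingSp + ": LogoutResponse " + status);
        return trace;
    }

    public static void main(String[] args) {
        // Constructed sample session: three SPs, logout started at sp-a.
        Set<String> sps = new LinkedHashSet<>(List.of("sp-a", "sp-b", "sp-c"));
        System.out.println("All SPs answer:");
        logout(sps, "sp-a", Set.of()).forEach(System.out::println);
        System.out.println("sp-c does not answer:");
        logout(sps, "sp-a", Set.of("sp-c")).forEach(System.out::println);
        System.out.println("Only the initiator has a session:");
        logout(Set.of("sp-a"), "sp-a", Set.of()).forEach(System.out::println);
    }
}
```

An SP that receives `PartialLogout` in the final response should treat the user's sessions at other SPs as possibly still active.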
Let's see what is in these request and response messages:
LogoutRequest is extended from RequestAbstractType. There are some attributes that must be in the RequestAbstractType element. LogoutResponse...