How to configure single logout(Global) for spring application

satheeshraj · August 16, 2017, 7:07am

Hi,

I am new to okta,saml. Single Sign on integration is successfull and now I want to do Single logout. I have done the following-

Single Logout url: http://localhost:8080/spring-security-saml2-sample/saml/logout
SP Issuer : http://localhost:8080/spring-security-saml2-sample/saml/metadata
Created certificate and uploaded.

In my SecurityConfig defined filters as follows.

     <bean id="samlFilter" class="org.springframework.security.web.FilterChainProxy">
        <security:filter-chain-map request-matcher="ant">
            <security:filter-chain pattern="/saml/metadata/**" filters="metadataDisplayFilter"/>
            <security:filter-chain pattern="/saml/login/**" filters="samlEntryPoint"/>
            <security:filter-chain pattern="/saml/logout/**" filters="samlLogoutFilter"/>
            <security:filter-chain pattern="/saml/SSO/**" filters="samlWebSSOProcessingFilter"/>
            <security:filter-chain pattern="/saml/SSOHoK/**" filters="samlWebSSOHoKProcessingFilter"/>
            <security:filter-chain pattern="/saml/discovery/**" filters="samlIDPDiscovery"/>
        </security:filter-chain-map>
    </bean>

Now from my apps log out button invoking http://localhost:8080/spring-security-saml2-sample/saml/logout, works fine. But it is a local logout. I want to do a Gloabal Logout.
So that I changed the filter as follows-

<bean id="samlFilter" class="org.springframework.security.web.FilterChainProxy">
    <security:filter-chain-map request-matcher="ant">
        <security:filter-chain pattern="/saml/metadata/**" filters="metadataDisplayFilter"/>
        <security:filter-chain pattern="/saml/login/**" filters="samlEntryPoint"/>
        <security:filter-chain pattern="/saml/SSO/**" filters="samlWebSSOProcessingFilter"/>
        <security:filter-chain pattern="/saml/SSOHoK/**" filters="samlWebSSOHoKProcessingFilter"/>
        <security:filter-chain pattern="/saml/logout/**" filters="samlLogoutProcessingFilter"/>
        <security:filter-chain pattern="/saml/discovery/**" filters="samlIDPDiscovery"/>
    </security:filter-chain-map>
</bean>

But its not working, shows “404 Not found”, and its not sending Saml logout request. How can I fix this issue. I want to do a gloabal log out. Thanks in advance.