1

I have authenticated my application through an OpenAM-based IdP using SAML. Now I want to log out of my application through SAML. So my questions are:

  1. I have selected the "spSingleLogoutInit.jsp" implementation. Is it the right way of doing it?

  2. If yes, then what should the RelayState be? I have given the login page of my application, i.e. "http://www.myexample.com/login.do".

  3. In the sessionIndex, do I need to give the current session id, i.e. "request.getSession().getId()", or do I need to pass the JSESSIONID from the cookies?

  4. NameId is defined as:

    String nameID = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient";

Is it correct?

  5. The binding protocol is the default, i.e. redirect.

I am calling:

    SPSingleLogout.initiateLogoutRequest(request, response, binding,
                paramsMap);

I do not get any error, but my session still remains active.

Is my declaration correct? I need help.

Phalguni Mukherjee

1 Answer

0

You may first read SAML techoverview, so you get an idea how all the parties interact ...

You may also use the Spring Security SAML extension ... you get 'local' or 'global' logout OOTB ... see my workaround for IdP-initiated Single Logout

Bernhard Thalmayr
  • @Bernhard I just wanted to confirm whether what I have done is correct. It works fine now. What I am doing on my SP side is holding the SpResponse that comes after authentication in the session. As I am doing SP-initiated logout, when the user clicks logout, the logout service is initiated on the SP side by calling "SPSingleLogout.initiateLogoutRequest(request, response, binding, paramsMap);". Once the response comes back from the IdP, I do "SPSingleLogout.processLogoutResponse(request, response, samlResponse, relayState);" on my SP side. – Phalguni Mukherjee Feb 10 '14 at 17:58
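
In SAML 2.0 a LogoutRequest identifies the session by the NameID value and the SessionIndex that the IdP issued in the assertion's AuthnStatement, so an SP that keeps the login response (as described in the comment above) can read both from it. The following is an added example, not code from this thread or from OpenAM: it uses only JDK XML classes, the assertion is a constructed sample with placeholder values, and it assumes the response's signature was already validated at login.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

public class LogoutInputs {
    static final String NS = "urn:oasis:names:tc:SAML:2.0:assertion";

    // Constructed sample assertion (not from the page); values are placeholders.
    static final String SAMPLE =
        "<saml:Assertion xmlns:saml=\"" + NS + "\">"
      + "<saml:Subject><saml:NameID Format=\"urn:oasis:names:tc:SAML:2.0:nameid-format:transient\">"
      + "EXAMPLE-NAMEID-VALUE</saml:NameID></saml:Subject>"
      + "<saml:AuthnStatement SessionIndex=\"EXAMPLE-SESSION-INDEX\"/>"
      + "</saml:Assertion>";

    static Document parse(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // Refuse DOCTYPE declarations so SAML XML cannot trigger XXE or entity expansion.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        DocumentBuilder b = f.newDocumentBuilder();
        return b.parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
    }

    // Returns the first element with the given local name in the SAML assertion namespace.
    static Element first(Document d, String local) {
        Element e = (Element) d.getElementsByTagNameNS(NS, local).item(0);
        if (e == null) throw new IllegalStateException("missing " + local);
        return e;
    }

    public static void main(String[] args) throws Exception {
        Document d = parse(SAMPLE);
        Element nameId = first(d, "NameID");
        Element authn = first(d, "AuthnStatement");
        // These values identify the session at the IdP; the servlet container's
        // JSESSIONID is a separate identifier local to the SP application.
        System.out.println("NameID format: " + nameId.getAttribute("Format"));
        System.out.println("NameID value:  " + nameId.getTextContent().trim());
        System.out.println("SessionIndex:  " + authn.getAttribute("SessionIndex"));
    }
}
```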