I have a spring boot v.5+ application which uses spring security saml.
When an idp initiated SingleLogout Request is called i get an error saying :
org.springframework.security.saml.SAMLStatusException: LogoutRequest is required to be signed by the entity policy
Is there an option to disable signing of LogoutRequest in my service provider?
I was facing the same issue. I tried to tweak the default value of requireLogoutRequestSigned property (from default true to false) in Table 7.2. Extended metadata settings of my SP and it worked for me. I'm using MetadataGenerator bean to configure this setting in spring-boot v2.1.1.RELEASE and spring-security-saml2-core v1.0.3.RELEASE.
