I have successfully Implemented SSO and SLO using Spring Security 5.7.5. SiteMinder is my Identity Provider. I am getting SMSESSION after authenticating successfully. When I send SAML2 LogoutRequest after 90 seconds of Login my Service Provider (Spring Boot) is not sending the SMSESSION in the Request cookies.
SessionNotOnOrAfter is set to 3 hours after IssueInstant in Authentication response my by IdP.
I am doing a Logout to sml2slo Post request to IdP.
.saml2Logout( saml2LogoutConfigurer -> saml2LogoutConfigurer .withObjectPostProcessor( new ObjectPostProcessor<LogoutFilter>() { @Override public <O extends LogoutFilter> O postProcess( O logoutFilter) { logoutFilter.setLogoutRequestMatcher( new AntPathRequestMatcher( "/logout")); return logoutFilter; } })
Any leads helps. Thanks.
