Skip to content

Custom RelayState with OpenSamlLogoutRequestResolver #12538

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
ghaege opened this issue Jan 13, 2023 · 2 comments · Fixed by #12582
Closed

Custom RelayState with OpenSamlLogoutRequestResolver #12538

ghaege opened this issue Jan 13, 2023 · 2 comments · Fixed by #12582
Assignees
@ghaege @jzheaux
Labels
in: saml2 An issue in SAML2 modules type: enhancement A general enhancement

Comments

@ghaege
Copy link

ghaege commented Jan 13, 2023
edited
Loading

Describe the bug
RelayState Param with SamlLogoutRequest is ignored.
Instead its replaced with a hardcoded UUID and cannot be customized.

To Reproduce
If we call for example the logout api via: http://logout-host:1234/logout?RelayState=http://app-host:5678
the RelayState Param is never processed.

final class OpenSamlLogoutRequestResolver {
..
    String relayState = UUID.randomUUID().toString();

Expected behavior
RelayState should processed or at least be customizable via

@Bean 
Saml2LogoutRequestResolver logoutRequestResolver(
        RelyingPartyRegistrationResolver registrations) {
    
    OpenSaml4LogoutRequestResolver logoutRequest = 
            new OpenSaml4LogoutRequestResolver(registrations);
    logoutRequest.setRelayStateResolver(this::resolveCustomRelayState);
    
    return logoutRequest;
}

Solution
The solution should be very similar to #11065
@ghaege ghaege added status: waiting-for-triage An issue we've not yet triaged type: bug A general bug labels Jan 13, 2023
@sjohnr sjohnr added the in: saml2 An issue in SAML2 modules label Jan 13, 2023
@jzheaux
Copy link
Contributor

jzheaux commented Jan 17, 2023

Sounds great, @ghaege. Can you provide a PR that adds the feature?

@jzheaux jzheaux added type: enhancement A general enhancement status: ideal-for-contribution An issue that we actively are looking for someone to help us with and removed status: waiting-for-triage An issue we've not yet triaged type: bug A general bug labels Jan 17, 2023
@ghaege
Copy link
Author

ghaege commented Jan 18, 2023

yes, but it might take a couple days

@jzheaux jzheaux removed the status: ideal-for-contribution An issue that we actively are looking for someone to help us with label Jan 24, 2023
@ghaege ghaege mentioned this issue Jan 25, 2023
Merged
jzheaux added a commit to ghaege/spring-security that referenced this issue Feb 16, 2023
@jzheaux
Polish
5b1710f 
Co-authored-by: ghaege <[email protected]>

Issue spring-projectsgh-12538
jzheaux added a commit to ghaege/spring-security that referenced this issue Feb 16, 2023
@jzheaux
Add RelayStateResolver
18318f6 
Co-authored-by: ghaege <[email protected]>

Closes spring-projectsgh-12538
jzheaux added a commit that referenced this issue Feb 16, 2023
@jzheaux
Polish
ab8337e 
Co-authored-by: ghaege <[email protected]>

Issue gh-12538
jzheaux added a commit that referenced this issue Feb 16, 2023
@jzheaux
Add RelayStateResolver
c1c2837 
Co-authored-by: ghaege <[email protected]>

Closes gh-12538
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ghaege ghaege

@jzheaux jzheaux

Labels
in: saml2 An issue in SAML2 modules type: enhancement A general enhancement
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add RelayState Customizer to SAML Logout ghaege/spring-security
3 participants
@ghaege @jzheaux @sjohnr