Closed
Description
Describe the bug
RelayState Param with SamlLogoutRequest is ignored.
Instead it's replaced with a hardcoded UUID and cannot be customized.
To Reproduce
If we call for example the logout api via: http://logout-host:1234/logout?RelayState=http://app-host:5678
the RelayState Param is never processed.
    final class OpenSamlLogoutRequestResolver {
        ..
        String relayState = UUID.randomUUID().toString();
Expected behavior
RelayState should be processed or at least be customizable via
    @Bean
    Saml2LogoutRequestResolver logoutRequestResolver(
            RelyingPartyRegistrationResolver registrations) {
        OpenSaml4LogoutRequestResolver logoutRequest =
                new OpenSaml4LogoutRequestResolver(registrations);
        logoutRequest.setRelayStateResolver(this::resolveCustomRelayState);
        return logoutRequest;
    }
Solution
The solution should be very similar to #11065
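If a resolver like the requested `resolveCustomRelayState` passes the `RelayState` query parameter through, the value is caller-controlled and should be validated before it goes into the logout request. The following is an added example, not part of the original issue and not Spring Security code. It takes the raw parameter as a `String` rather than the servlet request, and the class name, allowlist and sample inputs are assumptions.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.charset.StandardCharsets;
import java.util.Locale;
import java.util.Set;
import java.util.UUID;

// Added example: hypothetical validator for a request-supplied RelayState.
public class RelayStateValidator {

    // Constructed allowlist of origins a logout is allowed to return to.
    private static final Set<String> ALLOWED_ORIGINS = Set.of("http://app-host:5678");

    // The SAML 2.0 bindings specification limits RelayState to 80 bytes.
    private static final int MAX_RELAY_STATE_BYTES = 80;

    /** Returns the requested RelayState if acceptable, otherwise a random UUID. */
    public static String resolveCustomRelayState(String requested) {
        if (requested != null
                && requested.getBytes(StandardCharsets.UTF_8).length <= MAX_RELAY_STATE_BYTES
                && isAllowedOrigin(requested)) {
            return requested;
        }
        // Fall back to the behaviour the issue describes: an opaque UUID.
        return UUID.randomUUID().toString();
    }

    private static boolean isAllowedOrigin(String value) {
        try {
            URI uri = new URI(value);
            // Require an absolute URL and reject user-info tricks such as
            // http://app-host:5678@other-host.example/
            if (uri.getScheme() == null || uri.getHost() == null || uri.getUserInfo() != null) {
                return false;
            }
            String origin = uri.getScheme().toLowerCase(Locale.ROOT) + "://"
                    + uri.getHost().toLowerCase(Locale.ROOT)
                    + (uri.getPort() == -1 ? "" : ":" + uri.getPort());
            return ALLOWED_ORIGINS.contains(origin);
        } catch (URISyntaxException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        // Constructed inputs: the first is accepted, the others fall back to a UUID.
        String[] samples = {"http://app-host:5678", "http://app-host:5678@other-host.example/", "//other-host.example", null};
        for (String s : samples) System.out.println(s + " -> " + resolveCustomRelayState(s));
    }
}
```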