I am working on implementing single logout functionality when Spring Security SAML extension is used. In this scenario, a back-channel request has to be sent to Spring security SAML Single Logout endpoint from the identity provider(WSO2 identity server), when initiating single logout request from another application. The issue is in the format of the back-channel logout request sent to the spring security application. I have tried to send the requests in following [1] and [2] formats, but received [3] and [4] as the responses respectively.
Please help me on identifying the proper format that need to be sent as the back-channel logout request to the Spring Security application.
[1]SAML request :
<saml2p:LogoutRequest>
<saml2:Issuer>...</saml2:Issuer>...
</saml2p:LogoutRequest>
[2]SAML SOAP binding :
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP-ENV:Body>
<saml2p:LogoutRequest>
<saml2:Issuer>...</saml2:Issuer>...
</saml2p:LogoutRequest>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
[3]Response : Moved Temporarily, Status Code : 302
[4]Response : Internal Server Error, Status Code : 500
Reference :
http://docs.spring.io/spring-security-saml/docs/current/reference/html/chapter-quick-start.html
https://docs.oasis-open.org/security/saml/v2.0/saml-bindings-2.0-os.pdf