I am using the Spring SAML extension with PingFederate as the IDP server. When I initiate global logout from the SP (service provider), it only invalidates the SP session, not the IDP server session. That means that even after global logout, when I try to log in again (SP-initiated), it allows me to log in directly without asking for user login credentials.
I noticed that the relayState parameter is missing from the SAML single logout request, though it is present in another SP application that is working fine (the demo SP application provided by PingFederate). I tried to add the relayState property in the securityContext.xml file (see the snippet below), but relayState is still not part of the logout request parameters.
<bean id="samlEntryPoint" class="org.springframework.security.saml.SAMLEntryPoint">
    <property name="defaultProfileOptions">
        <bean class="org.springframework.security.saml.websso.WebSSOProfileOptions">
            <property name="relayState" value="http://192.168.1.73:8080/adeptia"/>
            <property name="includeScoping" value="true"/>
        </bean>
    </property>
</bean>
Please let me know what the relayState parameter is used for, what its possible values are, and how to include it in the SAML logout request.