SAML 2.0 single logout with the pac4j library in a Java application


I am using SAML 2.0 and trying to perform single logout using the pac4j library in my Java application, without using Spring Security. I am new to this and don't know how to proceed. Can anyone share some solutions or explain what needs to be done?

I tried to call the methods provided by pac4j for logout, but nothing happens. The IdP session remains active.

1

There is 1 answer

2
Aaron St. Clair On

See these:

If you are passing an IdP XML file via identityProviderMetadataPath to your SAML2Configuration that is provided to your SAML2Client, then that XML file needs to define the SingleLogoutService. Here is an example of the definition for a SimpleSAMLphp IdP.

<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://idp-domain/simplesamlphp/saml2/idp/SingleLogoutService.php"/>
<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://idp-domain/simplesamlphp/saml2/idp/SingleLogoutService.php"/>

That should configure the SAML2Client to perform single logout, alerting the IdP that the user logged out when they log out of the service provider.

The documentation seems to be outdated because it specifies:

You can define the binding type for the SP logout request via the setSpLogoutRequestBindingType method.

However, that method no longer exists anywhere in pac4j 6.0.1 (latest as of right now) that I can find: https://github.com/search?q=repo%3Apac4j%2Fpac4j%20setSpLogoutRequestBindingType&type=code
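
A way to check the point made in the answer above before debugging the application itself: this added example (not part of the original answer and not pac4j code) uses only JDK XML classes to list the SingleLogoutService endpoints declared in an IdP metadata file. The class name, the method name and the sample metadata (including its entityID) are constructed for illustration; the endpoint line mirrors the SimpleSAMLphp definition quoted in the answer.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.*;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;

public class IdpSloMetadataCheck {
    static final String MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata";

    // Returns "binding -> location" for every SingleLogoutService under an IDPSSODescriptor.
    static List<String> sloEndpoints(byte[] metadataXml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // Metadata is external input: refuse DOCTYPE declarations so XXE is not possible.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        Document doc = f.newDocumentBuilder().parse(new ByteArrayInputStream(metadataXml));
        List<String> found = new ArrayList<>();
        NodeList idps = doc.getElementsByTagNameNS(MD_NS, "IDPSSODescriptor");
        for (int i = 0; i < idps.getLength(); i++) {
            NodeList slo = ((Element) idps.item(i)).getElementsByTagNameNS(MD_NS, "SingleLogoutService");
            for (int j = 0; j < slo.getLength(); j++) {
                Element e = (Element) slo.item(j);
                found.add(e.getAttribute("Binding") + " -> " + e.getAttribute("Location"));
            }
        }
        return found;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample metadata; replace with the bytes of your own IdP metadata file.
        String sample = """
            <md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="http://idp-domain/example">
              <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
                <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://idp-domain/simplesamlphp/saml2/idp/SingleLogoutService.php"/>
              </md:IDPSSODescriptor>
            </md:EntityDescriptor>
            """;
        List<String> endpoints = sloEndpoints(sample.getBytes(StandardCharsets.UTF_8));
        if (endpoints.isEmpty()) System.out.println("No SingleLogoutService declared in the IdP metadata");
        for (String e : endpoints) {
            System.out.println("SLO endpoint: " + e);
            // Logout messages sent to a plain-HTTP endpoint are not protected in transit.
            if (e.contains("-> http://")) System.out.println("  note: endpoint is plain HTTP, not HTTPS");
        }
    }
}
```

An empty result means the metadata declares no IdP logout endpoint, which matches the symptom in the question where the IdP session stays active.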