Spring SAML Single Logout - NameID format mismatch

233 views Asked by At

This is related to Spring Security SAML One Login Global Single Logout LogoutRequest Parsing Issue

The problem here is that the NameID format is not matching, as per:

private boolean equalsNameID(NameID a, NameID b) {
    boolean equals = !differ(a.getSPProvidedID(), b.getSPProvidedID());
    equals = equals && !differ(a.getValue(), b.getValue());
    equals = equals && !differ(a.getFormat(), b.getFormat());
    equals = equals && !differ(a.getNameQualifier(), b.getNameQualifier());
    equals = equals && !differ(a.getSPNameQualifier(), b.getSPNameQualifier());
    equals = equals && !differ(a.getSPProvidedID(), b.getSPProvidedID());
    return equals;
}

It's failing ONLY on:

equals = equals && !differ(a.getFormat(), b.getFormat());

Upon debugging, I found out the following values:

a.getFormat() = urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified (from Spring SAML)
b.getFormat() = null (from OneLogin acting as the IdP)

Is it possible to turn off the format check in Spring SAML via extended metadata properties (or in some other way)?

0

There are 0 answers