Logout resulting in multiple redirects

[rakpan]

Hi,

This code is resulting in a multiple redirect loop when I have the logout success page is "/logout" instead of "/".

I suspect this has something to do with the logout configuration in HttpSecurity configuration method.
(Below code)
http
.logout()
.logoutSuccessUrl("/");

Please let me know if you agree with this.

[rakpan]

Just in case.. The way i fixed the issue is as below

        http
                .addFilterBefore(samlLogoutFilter(), LogoutFilter.class)
                .addFilterBefore(metadataGeneratorFilter(), ChannelProcessingFilter.class)
                .addFilterAfter(samlFilter(), BasicAuthenticationFilter.class);

        http
                .logout()
                .logoutUrl("/saml/logout/**")
                .logoutSuccessUrl("/logout");

and then commented out the code for logout filter below

public FilterChainProxy samlFilter() throws Exception {
    List<SecurityFilterChain> chains = new ArrayList<>();
    chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/login/**"),
            samlEntryPoint()));
    /*chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/logout/**"),
            samlLogoutFilter())); */
    chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/metadata/**"),
            metadataDisplayFilter()));
    chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/SSO/**"),
            samlWebSSOProcessingFilter()));
    chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/SSOHoK/**"),
            samlWebSSOHoKProcessingFilter()));
    chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/SingleLogout/**"),
            samlLogoutProcessingFilter()));
    chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/discovery/**"),
            samlIDPDiscovery()));
    return new FilterChainProxy(chains);
}

[vdenotaris]

Thanks for your contribution.

[pavanjava]

Hi @rakpan

I want to configure multiple metadatageneratorFilters in the before filter can i do it as below since i have that i have two IDP's configured at the same application

`http
.addFilterBefore(xyzMetadataGeneratorFilter(),ChannelProcessingFilter.class)
.addFilterBefore(abcMetadataGeneratorFilter(),ChannelProcessingFilter.class)
.addFilterAfter(samlFilter(),BasicAuthenticationFilter.class);

@bean
public MetadataGeneratorFilter abcMetadataGeneratorFilter() {
return new MetadataGeneratorFilter(abcMetadataGenerator());
}

@bean
public MetadataGeneratorFilter xyzMetadataGeneratorFilter() {
return new MetadataGeneratorFilter(xyzMetadataGenerator());
}

@bean
public MetadataGenerator abcMetadataGenerator() {
MetadataGenerator metadataGenerator = new MetadataGenerator();
metadataGenerator.setEntityId("ABC-" + DEPLOYMENT_ENV);
metadataGenerator.setExtendedMetadata(extendedMetadata());
metadataGenerator.setIncludeDiscoveryExtension(false);
metadataGenerator.setKeyManager(keyManager());
return metadataGenerator;
}

@bean
public MetadataGenerator xyzMetadataGenerator() {
MetadataGenerator metadataGenerator = new MetadataGenerator();
metadataGenerator.setEntityId("XYZ-" + DEPLOYMENT_ENV);
metadataGenerator.setExtendedMetadata(extendedMetadata());
metadataGenerator.setIncludeDiscoveryExtension(false);
metadataGenerator.setKeyManager(keyManager());
return metadataGenerator;
}
`