Spring SAML2 integrate with Azure

xh 20 Reputation points
2023-08-30T02:58:19.0533333+00:00

I created a project with Spring SAML2 and I'm trying to integrate it with Azure AD. The single sign-on flow now looks pretty good, but single logout does not work properly.

I debugged the Spring SAML2 implementation: it expected a signed SLO response, but the Azure SLO response is actually unsigned. I already set the signing option to "Sign SAML response and assertions". Is there anything else I need to configure to make SLO work? Thanks.

Saml2LogoutResponseFilter.java

```java
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
        throws ServletException, IOException {
    ...
    Saml2LogoutValidatorResult result = this.logoutResponseValidator.validate(parameters);
    ...
}
```

OpenSamlLogoutResponseValidator.java

private Consumer

Accepted answer
  1. Givary-MSFT 19,781 Reputation points Microsoft Employee
    2023-08-31T06:58:50.59+00:00

    @xh I'm glad that you were able to resolve your issue and thank you for posting your solution so that others experiencing the same thing can easily reference this! Since the Microsoft Q&A community has a policy that "The question author cannot accept their own answer. They can only accept answers by others", I'll repost your solution in case you'd like to "Accept" the answer.

    Issue:

    Resolved by @xh

    According to this thread learn.microsoft.com/en-us/answers/questions/1184652/…, I modified the Spring source code to skip signature verification for the SLO response.


1 additional answer

  1. xh 20 Reputation points
    2023-08-30T08:15:00.95+00:00

    According to this thread [learn.microsoft.com/en-us/answers/questions/1184652/…](https://learn.microsoft.com/en-us/answers/questions/1184652/invalid-signature-of-saml-logout-response-in-keycl "invalid signature of saml logout response in keycl"), I modified the Spring source code to skip signature verification for the SLO response.

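A diagnostic for the situation described in the question: it decodes a SAML LogoutResponse from either binding and reports whether it carries an enveloped XML signature or a detached query-string signature. This is an added example, not code from the thread or from Spring Security; the function names, the `sp.example` URL and the sample message are constructed for illustration.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlsplit

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
NS = {"samlp": SAMLP, "ds": "http://www.w3.org/2000/09/xmldsig#"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

def inspect_logout_response(url=None, post_value=None):
    """Report whether a SAML LogoutResponse carries a signature (presence only)."""
    query = parse_qs(urlsplit(url).query) if url else {}
    raw = base64.b64decode(query["SAMLResponse"][0] if url else post_value)
    # HTTP-Redirect messages are raw-DEFLATE compressed; HTTP-POST ones are not.
    xml = zlib.decompress(raw, -15) if url else raw
    if b"<!DOCTYPE" in xml:  # refuse DTDs before the bytes reach the parser
        raise ValueError("DTD not allowed in a SAML message")
    root = ET.fromstring(xml)
    if root.tag != "{%s}LogoutResponse" % SAMLP:
        raise ValueError("not a LogoutResponse")
    status = root.find("samlp:Status/samlp:StatusCode", NS)
    report = {
        "in_response_to": root.get("InResponseTo"),
        "destination": root.get("Destination"),
        "status_success": status is not None and status.get("Value") == SUCCESS,
        # Enveloped XML signature, the only option on HTTP-POST.
        "xml_signature": root.find("ds:Signature", NS) is not None,
        # Detached signature in the query string, used on HTTP-Redirect.
        "query_signature": "Signature" in query and "SigAlg" in query,
    }
    report["signed"] = report["xml_signature"] or report["query_signature"]
    return report

def constructed_sample_url():
    """Constructed sample (not captured traffic): unsigned response, HTTP-Redirect."""
    xml = ('<samlp:LogoutResponse xmlns:samlp="%s" ID="_r1" Version="2.0" '
           'InResponseTo="_req1" Destination="https://sp.example/logout/saml2/slo">'
           '<samlp:Status><samlp:StatusCode Value="%s"/></samlp:Status>'
           '</samlp:LogoutResponse>' % (SAMLP, SUCCESS)).encode()
    deflater = zlib.compressobj(wbits=-15)
    deflated = deflater.compress(xml) + deflater.flush()
    query = urlencode({"SAMLResponse": base64.b64encode(deflated).decode()})
    return "https://sp.example/logout/saml2/slo?" + query

if __name__ == "__main__":
    print(inspect_logout_response(url=constructed_sample_url()))
```

The report only says whether a signature is present; it does not verify one, so a `signed: True` result still has to pass the service provider's own validation against the identity provider's certificate.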