
How to Check whether a valid session is still existing at IDP?

I've implemented SSO using Spring Security SAML. Here is what is currently working for me:

When I try to access any resource at the SP, I'm redirected to my IdP (idp.ssocircle.com in my case) if I'm not logged in already. After successful authentication at the IdP, I'm redirected back to the SP, which authorizes the incoming SAML response and creates a session for the respective user. Everything is cool till here! But when I log out from my IdP (by clicking logout from idp.ssocircle.com externally), I shouldn't be able to access my SP, which is not happening in my case. Now what I'm thinking to do is maybe write a new filter which checks for a valid session at the IdP before processing any request on the SP. I've searched a lot but couldn't find any solution to my problem.

Please give input on how I can implement this filter, or whether there is any other way of doing this. Any suggestions are appreciated.

asked Oct 01 '22 05:10

abhilash


1 Answer

Does your IDP support and correctly initialize Single Logout? If so, it could be related to this issue; just update to the latest Spring SAML version or change the property invalidateHttpSession in your logout handler to true:

<bean id="logoutSessionHandler"
  class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler">
  <property name="invalidateHttpSession" value="true"/>
</bean>

answered Oct 05 '22 10:10

Vladimír Schäfer
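
The handler from the answer above only ends the SP session if it is the one the SAML logout filters call. The following is an added example, not part of the original answer: the bean ids other than logoutSessionHandler, the defaultTargetUrl value and the assumption that both filters are registered in the application's SAML filter chain are illustrative, modelled on the usual Spring Security SAML XML configuration.

```xml
<!-- Added example. Only logoutSessionHandler comes from the answer;
     the other bean ids and the target URL are assumptions. -->

<!-- Local teardown: clears the SecurityContext and invalidates the HttpSession. -->
<bean id="logoutSessionHandler"
  class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler">
  <property name="invalidateHttpSession" value="true"/>
</bean>

<!-- Where the browser lands after logout completes (assumed URL). -->
<bean id="successLogoutHandler"
  class="org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler">
  <property name="defaultTargetUrl" value="/"/>
</bean>

<!-- Processes LogoutRequest/LogoutResponse messages sent by the IdP.
     An IdP-initiated logout reaches the SP here, so this filter must
     invoke the handler that invalidates the local session. -->
<bean id="samlLogoutProcessingFilter"
  class="org.springframework.security.saml.SAMLLogoutProcessingFilter">
  <constructor-arg index="0" ref="successLogoutHandler"/>
  <constructor-arg index="1" ref="logoutSessionHandler"/>
</bean>

<!-- SP-initiated logout: the same handler is used for local-only
     logout (index 1) and for global Single Logout (index 2). -->
<bean id="samlLogoutFilter"
  class="org.springframework.security.saml.SAMLLogoutFilter">
  <constructor-arg index="0" ref="successLogoutHandler"/>
  <constructor-arg index="1" ref="logoutSessionHandler"/>
  <constructor-arg index="2" ref="logoutSessionHandler"/>
</bean>
```

This takes effect only when the IdP actually sends a LogoutRequest to the SP's Single Logout endpoint; if the IdP logs the user out without notifying the SP, the local session stays valid until it expires.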