Skip to content

SAML relying party logout filter is always ordered last #14525

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
aspan opened this issue Feb 1, 2024 · 1 comment
Closed

SAML relying party logout filter is always ordered last #14525

aspan opened this issue Feb 1, 2024 · 1 comment
Assignees
@jzheaux
Labels
in: saml2 An issue in SAML2 modules status: duplicate A duplicate of another issue type: bug A general bug

Comments

@aspan
Copy link
Contributor

aspan commented Feb 1, 2024

When configuring the SAML logout configuration the LogoutFilter is ordered last. It turns out that the org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer configures a standard org.springframework.security.web.authentication.logout.LogoutFilter and tries to order it before an already existing org.springframework.security.web.authentication.logout.LogoutFilter which doesn't have any effect and the added filter isn't ordered before the existing filter. My solution was to just extend the org.springframework.security.web.authentication.logout.LogoutFilter and add that instead so the ordering works.
@aspan aspan added status: waiting-for-triage An issue we've not yet triaged type: bug A general bug labels Feb 1, 2024
@jzheaux jzheaux self-assigned this Feb 5, 2024
@jzheaux jzheaux added in: saml2 An issue in SAML2 modules and removed status: waiting-for-triage An issue we've not yet triaged labels Feb 5, 2024
@jzheaux
Copy link
Contributor

jzheaux commented Feb 5, 2024

Thanks, @aspan! Closing in favor of #14526

@jzheaux jzheaux closed this as completed Feb 5, 2024
@jzheaux jzheaux mentioned this issue Feb 5, 2024
Closed
@aspan aspan mentioned this issue Feb 5, 2024
Merged
jzheaux pushed a commit that referenced this issue Feb 5, 2024
@aspan @jzheaux
Saml2 LogoutFilter Is Placed Before Common LogoutFilter
07e0b1d 
Closes gh-14525
jzheaux added a commit that referenced this issue Feb 5, 2024
@jzheaux
Fix Compilation Errors
7c3a6a5 
Issue gh-14525
@jzheaux jzheaux added the status: duplicate A duplicate of another issue label Feb 5, 2024
This was referenced Feb 5, 2024
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jzheaux jzheaux

Labels
in: saml2 An issue in SAML2 modules status: duplicate A duplicate of another issue type: bug A general bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@aspan @jzheaux