saml-client icon indicating copy to clipboard operation
saml-client copied to clipboard

Published 20 hours ago verified publisher icon coveooss

There's no method to validate LogoutRequest without specifying NameID

Open imvishalpatel opened this issue 4 years ago • 0 comments

Processing a POST containing the SAML logout request method in SamlClient always expect NameID but in my case, I'm not getting NameID as an additional parameter from IDP in the parameters.

The method I'm using is: https://github.com/coveooss/saml-client/blob/7d334b40558aaa02d3931e0db21c8d39dde5f640/src/main/java/com/coveo/saml/SamlClient.java#L871

There should be an overloaded method that should validate the LogoutRequest but without NameID.

Like below.

/**
   * Processes a POST containing the SAML logout request.
   *
   * @param request the {@link HttpServletRequest}.
   * @return An {@link LogoutRequest} object containing information decoded from the SAML Logout
   *         Request.
   * @throws SamlException thrown is an unexpected error occurs.
   */
  public LogoutRequest processLogoutRequestPostFromIdentityProvider(HttpServletRequest request)
      throws SamlException {
    String encodedResponse = request.getParameter(HTTP_REQ_SAML_PARAM);
    return decodeSamlLogoutRequest(encodedResponse, request.getMethod());
  }

imvishalpatel avatar Sep 16 '20 08:09 imvishalpatel