spring-boot-security-saml-sample
With global logout from Identity provider side local session and authentication remain active and valid
Hi, my IdP supports global logout, and it posts SAML to /saml/logout/. SAMLLogoutFilter gets this request, and when SecurityContextLogoutHandler does
HttpSession session = request.getSession(false); SecurityContext context = SecurityContextHolder.getContext();
they both are null.
But when global logout is made from my application if (auth != null && isGlobalLogout(request, auth))
is true and all works fine.
It seems that with SLO from the IdP we are in another session with no auth. Where is my mistake? How can I make this work?
PS: idp sends correct samlp:SessionIndex in logout saml
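
`request.getSession(false)` returns null when the incoming request is not associated with an existing session, so the local session has to be located some other way; the SessionIndex the IdP sends is the natural key. The following is an added example, not code from the original post or from spring-security-saml: `SessionIndexRegistry`, its method names and the attribute name are hypothetical, and it assumes the `javax.servlet` API and that the application calls `register()` after login and `invalidateBySessionIndex()` from its own logout handling.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;

// Hypothetical helper: maps a SAML SessionIndex to the local HttpSessions created for it.
public class SessionIndexRegistry implements HttpSessionListener {

    private static final String ATTR = "saml.sessionIndex"; // constructed attribute name

    // SessionIndex -> (session id -> session); one IdP session may back several local ones.
    private final Map<String, Map<String, HttpSession>> byIndex = new ConcurrentHashMap<>();

    // Assumption: called once authentication has completed (after any session-id change).
    public void register(String sessionIndex, HttpSession session) {
        session.setAttribute(ATTR, sessionIndex);
        byIndex.computeIfAbsent(sessionIndex, k -> new ConcurrentHashMap<>())
               .put(session.getId(), session);
    }

    // Assumption: called only after the LogoutRequest's signature and issuer were validated;
    // otherwise anyone who can reach the endpoint could end other users' sessions.
    public int invalidateBySessionIndex(String sessionIndex) {
        Map<String, HttpSession> sessions = byIndex.remove(sessionIndex);
        if (sessions == null) {
            return 0; // unknown or already logged-out SessionIndex
        }
        int count = 0;
        for (HttpSession s : sessions.values()) {
            try {
                s.invalidate();
                count++;
            } catch (IllegalStateException alreadyInvalid) {
                // session expired or was invalidated concurrently; nothing left to do
            }
        }
        return count;
    }

    @Override
    public void sessionCreated(HttpSessionEvent se) { /* nothing to track until login */ }

    @Override
    public void sessionDestroyed(HttpSessionEvent se) {
        // Drop expired or locally logged-out sessions so the registry does not grow unbounded.
        Object idx = se.getSession().getAttribute(ATTR);
        if (idx != null) {
            byIndex.computeIfPresent((String) idx, (k, m) -> {
                m.remove(se.getSession().getId());
                return m.isEmpty() ? null : m;
            });
        }
    }
}
```

The registry holds sessions in memory, so it only covers a single application instance; a clustered deployment would need a shared session store keyed the same way.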