Fix logoutRequestRepository not set on Saml2RelyingPartyInitiatedLogoutSuccessHandler #16093


Closed

sawprogramming
Contributor

When using XML to configure Spring Security for SAML, the logoutRequestRepository is not set on the Saml2RelyingPartyInitiatedLogoutSuccessHandler like it should be. See how it is properly set using the Java DSL:

private Saml2RelyingPartyInitiatedLogoutFilter createRelyingPartyLogoutFilter(
		RelyingPartyRegistrationRepository registrations) {
	LogoutHandler[] logoutHandlers = this.logoutHandlers.toArray(new LogoutHandler[0]);
	Saml2RelyingPartyInitiatedLogoutSuccessHandler logoutRequestSuccessHandler = createSaml2LogoutRequestSuccessHandler(
			registrations);
	logoutRequestSuccessHandler.setLogoutRequestRepository(this.logoutRequestConfigurer.logoutRequestRepository);
	Saml2RelyingPartyInitiatedLogoutFilter logoutFilter = new Saml2RelyingPartyInitiatedLogoutFilter(
			logoutRequestSuccessHandler, logoutHandlers);
	logoutFilter.setLogoutRequestMatcher(createLogoutMatcher());
	return postProcess(logoutFilter);
}

Without this fix, SAML configurations that use custom logout request repositories do not work for RP-initiated logouts.
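
An added illustration of the failure described above, not code from this pull request or from Spring Security. The classes are simplified, hypothetical stand-ins, and the sketch assumes that the component processing the IdP's LogoutResponse looks up the saved LogoutRequest in the custom repository while the success handler, with its setter never called, saves into a private default:

```java
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;

// Simplified stand-ins, not Spring Security classes: they model only where a
// logout request is saved and where the matching response looks it up.
public class LogoutRepositoryMismatch {

    /** Hypothetical store keyed by session id, holding the saved LogoutRequest ID. */
    static class Repository {
        private final Map<String, String> requestIdBySession = new HashMap<>();
        void save(String sessionId, String requestId) { requestIdBySession.put(sessionId, requestId); }
        Optional<String> load(String sessionId) { return Optional.ofNullable(requestIdBySession.get(sessionId)); }
    }

    /** Models the success handler: issues a LogoutRequest and saves it. */
    static class SuccessHandler {
        // Private default, used whenever the setter below is never called.
        private Repository repository = new Repository();
        void setLogoutRequestRepository(Repository repository) { this.repository = repository; }
        String onLogoutSuccess(String sessionId) {
            String requestId = "LR-" + sessionId; // constructed sample ID
            repository.save(sessionId, requestId);
            return requestId;
        }
    }

    /** Models the response side: accept a LogoutResponse only if it answers a saved request. */
    static boolean acceptResponse(Repository repository, String sessionId, String inResponseTo) {
        return repository.load(sessionId).map(inResponseTo::equals).orElse(false);
    }

    static boolean roundTrip(boolean wireCustomRepository) {
        Repository custom = new Repository(); // the application's custom repository
        SuccessHandler handler = new SuccessHandler();
        if (wireCustomRepository) {
            handler.setLogoutRequestRepository(custom); // the call the Java DSL makes
        }
        String requestId = handler.onLogoutSuccess("session-1");
        // Assumption: the response is checked against the custom repository.
        return acceptResponse(custom, "session-1", requestId);
    }

    public static void main(String[] args) {
        System.out.println("setter not called: accepted=" + roundTrip(false));
        System.out.println("setter called:     accepted=" + roundTrip(true));
    }
}
```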

@pivotal-cla

@sawprogramming Please sign the Contributor License Agreement!


@pivotal-cla

@sawprogramming Thank you for signing the Contributor License Agreement!

@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label Nov 14, 2024
@jzheaux
Contributor

jzheaux commented Nov 20, 2024

Thank you, @sawprogramming, for catching this. This seems to be a bug and so I'd like to apply it first to 6.2.x. Are you able to rebase your branch with 6.2.x?

Also, are you able to add a test to Saml2LogoutBeanDefinitionParserTests, like this one in the related Java Config commit?

I can also help with either or both, so please feel free to ask.

Finally, would you also change the commit title to resemble the one from that commit? You might do:

Set LogoutRequestRepository on Saml2 LogoutSuccessHandler in XML

Closes gh-16093

@jzheaux jzheaux self-assigned this Nov 20, 2024
@jzheaux jzheaux added in: config An issue in spring-security-config type: bug A general bug in: saml2 An issue in SAML2 modules and removed status: waiting-for-triage An issue we've not yet triaged labels Nov 20, 2024
@jzheaux jzheaux added this to the 6.2.x milestone Nov 20, 2024
@sawprogramming
Contributor Author

sawprogramming commented Dec 4, 2024

@jzheaux I don't know how to rebase my branch with 6.2.x. I've tried a few things this morning, but I think I'm having trouble because I made the commit in the main branch of my fork, which corresponds to the main branch of Spring Security. What are the git commands I should run to perform the desired rebase for this pull request? Thank you in advance for your help!

@jzheaux
Contributor

jzheaux commented Dec 5, 2024

Sure thing, @sawprogramming, I'm happy to help.

Let's say that your remote origin points to spring-projects/spring-security and sawprogramming points to your fork, sawprogramming/spring-security. In that case, you would do:

git fetch origin
git checkout 6.2.x
git checkout -b gh-16093 # this new branch is now based on 6.2.x
git cherry-pick 31400df485d92b1cc1d115e3f21aa23f32404653 # the commit tied to this PR
# now make the requested changes

Once your changes are done, commit in the following way:

git commit --amend # change the commit message

And then push:

git push sawprogramming gh-16093

At that point, you will create a new PR that requests gh-16093 into 6.2.x.

Once you see that the PR looks right, go back to your command line and do:

git checkout main
git reset --hard origin/main
git push sawprogramming +main

This will remove the commit from main and update your main branch to match Spring Security again.

I realize this may seem like a lot. Next time if you create a branch then your main line isn't affected. Also, that allows me to push polish commits to your branch, should that be needed.

Let me know how it goes.

@jzheaux jzheaux closed this in 7aafe2e Dec 19, 2024
jzheaux added a commit that referenced this pull request Dec 19, 2024
@jzheaux
Contributor

jzheaux commented Dec 19, 2024

@sawprogramming I had a few minutes and so I went ahead and applied the commits manually so that you don't have to go through the above git rework.

This is merged to 6.3.x, 6.4.x, and main. Also note that I added a polish of 643a3f1 to add a test and ensure that the change continues to work over time.

Thanks again for the contribution.

@sawprogramming
Contributor Author

Thank you, @jzheaux!

mimigreg pushed a commit to mimigreg/spring-security that referenced this pull request Jan 23, 2025
mimigreg pushed a commit to mimigreg/spring-security that referenced this pull request Jan 23, 2025
kwondh5217 pushed a commit to kwondh5217/spring-security that referenced this pull request Feb 4, 2025
kwondh5217 pushed a commit to kwondh5217/spring-security that referenced this pull request Feb 4, 2025
Issue spring-projectsgh-16093

Signed-off-by: Daeho Kwon <trewq231@naver.com>