saml2Logout

fun saml2Logout(saml2LogoutConfiguration: Saml2LogoutDsl.() -> Unit)

Configures logout support for a SAML 2.0 Service Provider.

Implements the Single Logout Profile, using POST and REDIRECT bindings, as documented in the SAML V2.0 Core, Profiles and Bindings specifications.

A prerequisite to using this feature is that you have a SAML v2.0 Asserting Party to send a logout request to. The representation of the relying party and the asserting party is contained within RelyingPartyRegistration.

RelyingPartyRegistration(s) are composed within a RelyingPartyRegistrationRepository, which is required and must be registered with the ApplicationContext or configured via HttpSecurityDsl.saml2Login.

The default configuration provides an auto-generated logout endpoint at /logout and redirects to /login?logout when logout completes.

Example Configuration

The following example shows the minimal configuration required, using a hypothetical asserting party.

Example:

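import org.springframework.context.annotation.Bean
import org.springframework.context.annotation.Configuration
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
import org.springframework.security.config.annotation.web.invoke
import org.springframework.security.web.SecurityFilterChain

@Configuration
@EnableWebSecurity
class SecurityConfig {

    @Bean
    fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
        http {
            saml2Login {
                // getSaml2RelyingPartyRegistration() is a hypothetical helper that supplies the repository
                relyingPartyRegistrationRepository = getSaml2RelyingPartyRegistration()
            }
            saml2Logout { }
        }
        return http.build()
    }
}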
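One way to supply the RelyingPartyRegistrationRepository that this feature requires, with a single logout endpoint and a signing credential for outgoing logout messages. This is an added example, not code from the original page or the Spring Security project; the metadata URL, registration id and classpath file names are assumptions.

```kotlin
import java.security.cert.CertificateFactory
import java.security.cert.X509Certificate
import org.springframework.context.annotation.Bean
import org.springframework.context.annotation.Configuration
import org.springframework.core.io.ClassPathResource
import org.springframework.security.converter.RsaKeyConverters
import org.springframework.security.saml2.core.Saml2X509Credential
import org.springframework.security.saml2.provider.service.registration.InMemoryRelyingPartyRegistrationRepository
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrations

@Configuration
class RelyingPartyConfig {

    @Bean
    fun relyingPartyRegistrationRepository(): RelyingPartyRegistrationRepository {
        // Assumed classpath locations: a PKCS#8 PEM private key and its PEM certificate.
        // Keep the key out of source control and readable only by the application.
        val key = ClassPathResource("credentials/sp-signing.key").inputStream.use {
            requireNotNull(RsaKeyConverters.pkcs8().convert(it)) { "signing key could not be parsed" }
        }
        val certificate = ClassPathResource("credentials/sp-signing.crt").inputStream.use {
            CertificateFactory.getInstance("X.509").generateCertificate(it) as X509Certificate
        }
        // The relying party signs the logout messages it sends with this credential.
        val signing = Saml2X509Credential.signing(key, certificate)

        val registration = RelyingPartyRegistrations
            // Assumed metadata URL of a hypothetical asserting party; its endpoints
            // and verification certificates are read from this metadata.
            .fromMetadataLocation("https://ap.example.org/metadata")
            .registrationId("example-ap")
            // Endpoint on this application where the asserting party sends
            // logout requests and logout responses.
            .singleLogoutServiceLocation("{baseUrl}/logout/saml2/slo")
            .signingX509Credentials { it.add(signing) }
            .build()

        return InMemoryRelyingPartyRegistrationRepository(registration)
    }
}
```

Because the repository is registered as a bean in the ApplicationContext, the security configuration does not need to set it explicitly inside saml2Login.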

Since

6.3

Parameters

saml2LogoutConfiguration

custom configuration to configure the SAML 2.0 service provider
