How to check if a valid session exists in IDP?

I implemented SSO using Spring SAML Security. Here is what works for me now:

When I try to access any resource in the SP, I am redirected to my IDP (idp.ssocircle.com in my case) if I have not already logged in. After successfully authenticating with the IDP, I am redirected back to the SP, where I authorize the incoming SAML response and create a session for the corresponding user. Everything is cool here! But when I log out of my IDP (triggering the logout on idp.ssocircle.com from the outside), I should no longer have access to my SP, which does not happen in my case. Now what I'm going to do is write a new filter that checks for a valid session in the IDP before processing any request to the SP. I searched a lot, but could not find a solution to my problem.

Please provide materials on how I can implement this filter, or is there any other way to do this? Any suggestions are welcome.

1 answer

Does your IDP support and correctly initialize Single Logout? If so, this may be due to this problem; just upgrade to the latest Spring SAML or change the invalidateHttpSession property in your logout handler to true:

<bean id="logoutSessionHandler"
  class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler">
  <property name="invalidateHttpSession" value="true"/>
</bean>
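
How the handler from the answer is typically wired into Spring SAML's logout filters, as an added example that is not part of the original answer. The bean ids other than logoutSessionHandler and the /logged-out target URL are assumptions.

```xml
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
                           http://www.springframework.org/schema/beans/spring-beans.xsd">

  <!-- Handler from the answer: drops the local HTTP session on logout -->
  <bean id="logoutSessionHandler"
        class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler">
    <property name="invalidateHttpSession" value="true"/>
  </bean>

  <!-- Assumed target: where the browser lands once logout has completed -->
  <bean id="successLogoutHandler"
        class="org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler">
    <property name="defaultTargetUrl" value="/logged-out"/>
  </bean>

  <!-- Processes the LogoutRequest/LogoutResponse that the IDP sends to the
       SP's SingleLogout endpoint; this is the path taken when the user logs
       out at the IDP, so the handler here is what ends the SP session -->
  <bean id="samlLogoutProcessingFilter"
        class="org.springframework.security.saml.SAMLLogoutProcessingFilter">
    <constructor-arg index="0" ref="successLogoutHandler"/>
    <constructor-arg index="1" ref="logoutSessionHandler"/>
  </bean>

  <!-- SP-initiated logout: arg 1 = handlers for local-only logout,
       arg 2 = handlers run before a global logout is sent to the IDP -->
  <bean id="samlLogoutFilter"
        class="org.springframework.security.saml.SAMLLogoutFilter">
    <constructor-arg index="0" ref="successLogoutHandler"/>
    <constructor-arg index="1" ref="logoutSessionHandler"/>
    <constructor-arg index="2" ref="logoutSessionHandler"/>
  </bean>
</beans>
```

The IDP can only deliver its logout message if the SP metadata registered with it advertises a SingleLogoutService endpoint, and both filters must be part of the SAML filter chain.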

Source: https://habr.com/ru/post/1533290/

