Class SamlLogoutRequestHandler

java.lang.Object
org.elasticsearch.xpack.security.authc.saml.SamlObjectHandler
org.elasticsearch.xpack.security.authc.saml.SamlLogoutRequestHandler

public class SamlLogoutRequestHandler extends SamlObjectHandler
Processes a LogoutRequest for an IdP-initiated logout.
  • Method Details

    • parseFromQueryString

      public SamlLogoutRequestHandler.Result parseFromQueryString(String queryString)
      Processes the provided LogoutRequest and extracts the NameID and SessionIndex. Returns these in a SamlAttributes object with an empty attributes list.

      The recommended binding for Logout (for maximum interoperability) is HTTP-Redirect. Under this binding the signature is applied to the query-string (including parameter names and url-encoded/base64-encoded/deflated values). Therefore in order to properly validate the signature, this method operates on a raw query- string.

      Throws:
      ElasticsearchSecurityException - If the SAML is invalid for this realm/configuration