To log out a user from the SP, a LogoutRequest is sent. The data needed about the user are the SessionIndex and the NameID from the data received at login; in my case they are in the Assertion in the Artifact Resolve Response.
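//IPR Ergogroup AS

/**
 * Performs a synchronous SAML 2.0 single logout against the IdP over the SOAP 1.1 binding.
 *
 * <p>The NameID and SessionIndex stored in the HTTP session at login are placed in a signed
 * LogoutRequest, which is wrapped in a SOAP envelope and sent to the IdP's SOAP
 * SingleLogoutService endpoint taken from the metadata. The SOAP response is then validated
 * against the request ID, its signature is verified, and it is processed.
 *
 * @param sessionToLogout the HTTP session holding the "SAMLNameID" and "SAMLSessionIndex" attributes
 * @param metaData        metadata wrapper used to look up the IdP's SingleLogoutService endpoints
 * @throws IllegalArgumentException if the session lacks either SAML attribute, or the IdP metadata
 *                                  lists no SingleLogoutService with the SOAP 1.1 binding
 * @throws SOAPException            if the SOAP exchange fails or yields no response envelope
 */
public static void doSynchronousLogout(final HttpSession sessionToLogout, final SAMLMetaData metaData)
        throws SOAPException, SecurityException, ValidationException, IllegalArgumentException,
        java.lang.SecurityException, IllegalAccessException, MarshallingException, SignatureException {
    NameID nameId = (NameID) sessionToLogout.getAttribute("SAMLNameID");
    String sessionIndex = (String) sessionToLogout.getAttribute("SAMLSessionIndex");
    // Without both values the IdP cannot identify which session to terminate; fail with a
    // clear message instead of a NullPointerException further down.
    if (nameId == null || sessionIndex == null) {
        throw new IllegalArgumentException(
                "HTTP session holds no SAMLNameID/SAMLSessionIndex; cannot build a LogoutRequest");
    }

    // Resolve the endpoint before building and signing anything, so a metadata problem is
    // reported as such rather than as a failed send to a null URL.
    String sloServiceURL = findSoapSingleLogoutLocation(metaData);
    if (sloServiceURL == null) {
        throw new IllegalArgumentException(
                "IdP metadata lists no SingleLogoutService with the SOAP 1.1 binding");
    }

    Body body = buildSAMLObjectWithDefaultName(Body.class);
    LogoutRequest logoutRequest = genererateLogoutRequest(nameId, sessionIndex, metaData);
    signLogoutRequest(logoutRequest);
    body.getUnknownXMLObjects().add(logoutRequest);
    // NOTE(review): detach() is called after the NameID was attached to the request and the
    // request was signed; confirm this ordering is intended and does not affect the signed DOM.
    nameId.detach();

    Envelope envelope = buildSAMLObjectWithDefaultName(Envelope.class);
    envelope.setBody(body);
    // NOTE(review): the envelope contains the user's NameID and SessionIndex; confirm where
    // logSAMLObject writes and who can read that log.
    SAMLUtil.logSAMLObject(envelope);

    BasicSOAPMessageContext soapContext = new BasicSOAPMessageContext();
    soapContext.setOutboundMessage(envelope);

    // NOTE(review): the HTTP client is built with the builder's defaults; no TLS trust or
    // hostname-verification settings are configured here. Confirm they are applied elsewhere
    // and that the metadata the endpoint URL comes from is itself trusted.
    HttpClientBuilder clientBuilder = new HttpClientBuilder();
    HttpSOAPClient soapClient = new HttpSOAPClient(clientBuilder.buildClient(), new BasicParserPool());
    soapClient.send(sloServiceURL, soapContext);

    Envelope soapResponse = (Envelope) soapContext.getInboundMessage();
    if (soapResponse == null) {
        throw new SOAPException("No SOAP response received from the SingleLogoutService");
    }
    SAMLUtil.logSAMLObject(soapResponse);

    // NOTE(review): content validation runs before signature verification. Order kept as in
    // the original; confirm validateSLOResponse does not act on unverified content.
    validateSLOResponse(soapResponse, logoutRequest.getID());
    verifySLOResponseSignature(soapResponse);
    processSLOResponse(soapResponse);
}

/**
 * Builds an unsigned LogoutRequest for the given subject and session.
 *
 * <p>The request gets a fresh identifier from {@code SAMLUtil.getSecureRandomIdentifier()}, the
 * current time as IssueInstant, the "SPEntityId" property as Issuer, and, when the metadata
 * provides one, the IdP's SOAP SingleLogoutService location as Destination.
 *
 * @param nameId       the NameID received at login
 * @param sessionIndex the SessionIndex received at login
 * @param metaData     metadata wrapper used to look up the IdP's SingleLogoutService endpoints
 * @return the populated, not yet signed, LogoutRequest
 */
private static LogoutRequest genererateLogoutRequest(final NameID nameId, final String sessionIndex,
        final SAMLMetaData metaData)
        throws IllegalArgumentException, java.lang.SecurityException, IllegalAccessException {
    LogoutRequest logoutRequest = buildSAMLObjectWithDefaultName(LogoutRequest.class);
    logoutRequest.setID(SAMLUtil.getSecureRandomIdentifier());

    // Same lookup as the sender uses, so Destination always matches the URL the request goes to.
    String destination = findSoapSingleLogoutLocation(metaData);
    if (destination != null) {
        logoutRequest.setDestination(destination);
    }

    logoutRequest.setIssueInstant(new DateTime());

    Issuer issuer = buildSAMLObjectWithDefaultName(Issuer.class);
    issuer.setValue(EvoteProperties.getProperty("SPEntityId"));
    logoutRequest.setIssuer(issuer);

    SessionIndex sessionIndexElement = buildSAMLObjectWithDefaultName(SessionIndex.class);
    sessionIndexElement.setSessionIndex(sessionIndex);
    logoutRequest.getSessionIndexes().add(sessionIndexElement);

    logoutRequest.setNameID(nameId);
    return logoutRequest;
}

/**
 * Returns the location of the IdP's SingleLogoutService that uses the SOAP 1.1 binding,
 * or {@code null} when the metadata lists none. If several match, the last one wins,
 * as in the original inline loops.
 */
private static String findSoapSingleLogoutLocation(final SAMLMetaData metaData) {
    String location = null;
    for (SingleLogoutService sls : metaData.getIdpEntityDescriptor()
            .getIDPSSODescriptor(SAMLConstants.SAML20P_NS).getSingleLogoutServices()) {
        // Constant-first comparison tolerates an endpoint entry without a binding.
        if (SAMLConstants.SAML2_SOAP11_BINDING_URI.equals(sls.getBinding())) {
            location = sls.getLocation();
        }
    }
    return location;
}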
LogoutRequest sent:
my-alias Sn7qX8Yf4Pcs6SLl4Yn0NyEx6P0= cE3wgjeM+45uk/XVNQl+1NZKeRwRzFnJN9xaL/36vnXqu6eLBqs8eqdQ2a+yY9UkZz0gU1NrTqUMQgIANw1WfkL2a+sxQqqu2p4ggXKNwHiMWbyfPEUkxQM4wSwr3ECObjyVqrgPDA+4TiDyqPj2NBtZGo8WU3fvpOGQkQN19f0= MIIBrzCCARigAwIBAgIETTWluTANBgkqhkiG9w0BAQUFADAcMRowGAYDVQQDExFzdGVyYXMuZXZh bGcuZXJnbzAeFw0xMTAxMTgxNDM3NDVaFw0yMTAxMTUxNDM3NDVaMBwxGjAYBgNVBAMTEXN0ZXJh cy5ldmFsZy5lcmdvMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCy96UiOiuQcDQMVNorHKWC u8lAqHCpdgL8SEKsBven1e9Bek5VSspQdyh8Q/t8hmISZq0oEEvtcbZivV1hGQKQIWjTU/utSxGl ZDbPNweuxNH6JHiNzDSzbNiMkdBJcy/Szfdx8HGpbnpXrpU+ICNnQl5Ee2V48hlkcH7jwlCMzwID AQABMA0GCSqGSIb3DQEBBQUAA4GBABxQKfXHtomdAlXd+umpCyUUOgcs5shu4HHXr9m48H+YPCXs kLwqzDe49WWaX9h7cLClVsHviAccno52Pj7mQfjKgvg1J3JHhTLINTrbgZ1e7mNtiJ9Lez2awbIt v7RKU+R2AyiU6wHsjPGN+CQuiT9lZNWQMOih1R+yHT04kkl8 puEYi51x6aylfgXbBJTLSTTxOqck s2ce6f528812bbf545358af381cc864c575e9cb901
This is the resulting LogoutResponse in my case:
idp-alias CDFFLlD2FX8fjlPJLKpJZRusnx0= cKgVEfLR48x7urpH+TV+V1gHYnVhc/ErkMhwp17rjAMfjHKHk0EPgH2+aOV7Z83udbfr0RPKF5Zd Mg0zq1KIm29RsqUsUYNKKNiYPlEkBIoHPcc2AhftpA/VNRjea7q2W9+y6XV2YWjzGnArrfflv1KM 1t5C89Vz/VB0jQdJvMU= Request is done successfully