When creating a `SamlClient` from metadata, it sets `identityProviderUrl` to the `SingleSignOnService` location, but nothing ever pulls out the `SingleLogoutService`. So later if you call one of the logout helpers, it will send a `LogoutRequest` to the `SingleSignOnService` instead of the `SingleLogoutService`.

https://github.com/coveooss/saml-client/blob/master/src/main/java/com/coveo/saml/SamlClient.java#L897

To work around this I wrote this code where I hard coded the URL of the `SingleLogoutService`:

```java
// Build the LogoutRequest with the library helper.
final String logoutRequest = samlClient.getLogoutRequest(userIdentity);
Map<String, String> values = new HashMap<>();
values.put("SAMLRequest", logoutRequest);
if (relayState != null) {
    values.put("RelayState", relayState);
}
// singleLogoutUrl is the hard-coded SingleLogoutService URL, used instead of identityProviderUrl.
BrowserUtils.postUsingBrowser(singleLogoutUrl, response, values);
```

The IDP responded with a 400 "Error processing LogoutRequest. Single Logout Response Service location not found"

I compared the request with a `LogoutRequest` from a different application that uses `spring-security-saml` and succeeded, and the main difference I can see is the request that succeeded had a `Destination` attribute on the root element.

Currently SamlClient only sets that on the login request:

https://github.com/coveooss/saml-client/blob/master/src/main/java/com/coveo/saml/SamlClient.java#L779

But doesn't set that on the logout request:

https://github.com/coveooss/saml-client/blob/master/src/main/java/com/coveo/saml/SamlClient.java#L803
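A pre-send check for the two problems described in this issue, as an added example that is not part of the original report or of saml-client: it reads the IdP's HTTP-POST `SingleLogoutService` location from metadata and verifies that a `LogoutRequest` carries a matching `Destination`. The class `SloDestinationCheck`, its methods and the `idp.example.test` URLs are assumptions made for illustration; only JDK XML APIs are used.

```java
import java.io.StringReader;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;
import org.xml.sax.InputSource;

public class SloDestinationCheck { // hypothetical class, added example
    static final String MD = "urn:oasis:names:tc:SAML:2.0:metadata";
    static final String SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol";
    static final String POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST";

    static Document parse(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // untrusted XML: no DOCTYPE
        return f.newDocumentBuilder().parse(new InputSource(new StringReader(xml)));
    }

    // Location of the IdP endpoint named `service` for `binding`, or null if absent.
    static String endpoint(Element idp, String service, String binding) {
        NodeList nodes = idp.getElementsByTagNameNS(MD, service);
        for (int i = 0; i < nodes.getLength(); i++) {
            Element e = (Element) nodes.item(i);
            if (binding.equals(e.getAttribute("Binding"))) return e.getAttribute("Location");
        }
        return null;
    }

    // "ok", or the reason the LogoutRequest is addressed to the wrong place.
    static String check(String metadataXml, String logoutRequestXml) throws Exception {
        Element idp = (Element) parse(metadataXml).getElementsByTagNameNS(MD, "IDPSSODescriptor").item(0);
        String slo = idp == null ? null : endpoint(idp, "SingleLogoutService", POST);
        if (slo == null) return "metadata has no HTTP-POST SingleLogoutService for the IdP";
        String dest = parse(logoutRequestXml).getDocumentElement().getAttribute("Destination");
        if (dest.isEmpty()) return "no Destination attribute; expected " + slo;
        if (dest.equals(endpoint(idp, "SingleSignOnService", POST))) return "Destination is the SSO endpoint";
        return dest.equals(slo) ? "ok" : "Destination does not match " + slo;
    }

    public static void main(String[] args) throws Exception {
        String idp = "https://idp.example.test", attr = " Destination='" + idp; // constructed placeholder host
        String md = "<md:EntityDescriptor xmlns:md='" + MD + "' entityID='" + idp + "'>"
            + "<md:IDPSSODescriptor protocolSupportEnumeration='" + SAMLP + "'>"
            + "<md:SingleLogoutService Binding='" + POST + "' Location='" + idp + "/slo'/>"
            + "<md:SingleSignOnService Binding='" + POST + "' Location='" + idp + "/sso'/>"
            + "</md:IDPSSODescriptor></md:EntityDescriptor>";
        String req = "<samlp:LogoutRequest xmlns:samlp='" + SAMLP + "' ID='_1' Version='2.0'"
            + " IssueInstant='2024-01-01T00:00:00Z'%s/>"; // constructed, unsigned request
        for (String d : new String[] {"", attr + "/sso'", attr + "/slo'"})
            System.out.println(check(md, String.format(req, d)));
    }
}
```

The three constructed requests exercise the missing-`Destination` case from the report, a `Destination` pointing at the SSO endpoint, and a correctly addressed request.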