Remove the need for LogoutController

Author: LEDfan

src/main/java/eu/openanalytics/containerproxy/auth/IAuthenticationBackend.java

@@ -59,7 +59,11 @@ public interface IAuthenticationBackend {
 	public default String getLogoutSuccessURL() {
 		return "/login";
 	}
-	
+
+	public default String getLogoutURL() {
+		return "/logout";
+	}
+
 	public default void customizeContainer(ContainerSpec spec) {
 		// Default: do nothing.
 	}

src/main/java/eu/openanalytics/containerproxy/auth/impl/SAMLAuthenticationBackend.java

@@ -86,6 +86,14 @@ public void configureAuthenticationManagerBuilder(AuthenticationManagerBuilder a
         auth.authenticationProvider(samlAuthenticationProvider);
 	}
 
+	@Override
+	public String getLogoutURL() {
+		if (environment.getProperty("proxy.saml.logout-url") != null) {
+			return "/logout";
+		}
+		return "/saml/logout";
+	}
+
 	@Override
 	public String getLogoutSuccessURL() {
 		String logoutURL = environment.getProperty("proxy.saml.logout-url");

src/main/java/eu/openanalytics/containerproxy/auth/impl/saml/SAMLConfiguration.java

@@ -55,12 +55,7 @@
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.userdetails.User;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
-import org.springframework.security.saml.SAMLAuthenticationProvider;
-import org.springframework.security.saml.SAMLBootstrap;
-import org.springframework.security.saml.SAMLCredential;
-import org.springframework.security.saml.SAMLEntryPoint;
-import org.springframework.security.saml.SAMLLogoutFilter;
-import org.springframework.security.saml.SAMLProcessingFilter;
+import org.springframework.security.saml.*;
 import org.springframework.security.saml.context.SAMLContextProvider;
 import org.springframework.security.saml.context.SAMLContextProviderImpl;
 import org.springframework.security.saml.key.EmptyKeyManager;
@@ -128,6 +123,16 @@ public SAMLLogoutFilter samlLogoutFilter() {
 				new LogoutHandler[]{userLogoutHandler, securityContextLogoutHandler()});
 	}
 
+	/**
+	 * Filter responsible for the `/saml/SingleLogout` endpoint. This makes it possible for users to logout in the IDP
+	 * or any other application and get automatically logged out in ShinyProxy as well.
+	 */
+	@Bean
+	public SAMLLogoutProcessingFilter samlLogoutProcessingFilter() {
+		return new SAMLLogoutProcessingFilter(successLogoutHandler(),
+				securityContextLogoutHandler());
+	}
+
 	@Bean
 	public SecurityContextLogoutHandler securityContextLogoutHandler() {
 		SecurityContextLogoutHandler logoutHandler = new SecurityContextLogoutHandler();
@@ -322,6 +327,7 @@ public SAMLFilterSet samlFilter() throws Exception {
 		List<SecurityFilterChain> chains = new ArrayList<SecurityFilterChain>();
 		chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/login/**"), samlEntryPoint()));
 		chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/logout/**"), samlLogoutFilter()));
+		chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/SingleLogout/**"), samlLogoutProcessingFilter()));
 		chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/SSO/**"), samlWebSSOProcessingFilter()));
 		return new SAMLFilterSet(chains);
 	}

src/main/java/eu/openanalytics/containerproxy/security/WebSecurityConfig.java

@@ -135,7 +135,9 @@ protected void configure(HttpSecurity http) throws Exception {
 					.loginPage("/login")
 					.and()
 				.logout()
-					.logoutRequestMatcher(new AntPathRequestMatcher("/simple/logout"))
+					.logoutUrl(auth.getLogoutURL())
+					// important: set the next option after logoutUrl because it would otherwise get overwritten
+					.logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
 					.addLogoutHandler(logoutHandler)
 					.logoutSuccessUrl(auth.getLogoutSuccessURL());