KEYCLOAK-4216 Fix NPE and logout binding choice

services/src/main/java/org/keycloak/protocol/saml/SamlProtocol.java

@@ -245,9 +245,9 @@ public class SamlProtocol implements LoginProtocol {
         String logoutPostUrl = client.getAttribute(SAML_SINGLE_LOGOUT_SERVICE_URL_POST_ATTRIBUTE);
         String logoutRedirectUrl = client.getAttribute(SAML_SINGLE_LOGOUT_SERVICE_URL_REDIRECT_ATTRIBUTE);
 
-        if (logoutPostUrl == null) {
+        if (logoutPostUrl == null || logoutPostUrl.trim().isEmpty()) {
             // if we don't have a redirect uri either, return true and default to the admin url + POST binding
-            if (logoutRedirectUrl == null)
+            if (logoutRedirectUrl == null || logoutRedirectUrl.trim().isEmpty())
                 return true;
             return false;
         }
@@ -262,7 +262,7 @@ public class SamlProtocol implements LoginProtocol {
         if (SAML_POST_BINDING.equals(bindingType))
             return true;
 
-        if (logoutRedirectUrl == null)
+        if (logoutRedirectUrl == null || logoutRedirectUrl.trim().isEmpty())
             return true; // we don't have a redirect binding url, so use post binding
 
         return false; // redirect binding

services/src/main/java/org/keycloak/protocol/saml/SamlService.java

@@ -347,7 +347,8 @@ public class SamlService extends AuthorizationEndpointBase {
             AuthenticationManager.AuthResult authResult = authManager.authenticateIdentityCookie(session, realm, false);
             if (authResult != null) {
                 String logoutBinding = getBindingType();
-                if (samlClient.forcePostBinding())
+                String postBindingUri = SamlProtocol.getLogoutServiceUrl(uriInfo, client, SamlProtocol.SAML_POST_BINDING);
+                if (samlClient.forcePostBinding() && postBindingUri != null && ! postBindingUri.trim().isEmpty())
                     logoutBinding = SamlProtocol.SAML_POST_BINDING;
                 boolean postBinding = Objects.equals(SamlProtocol.SAML_POST_BINDING, logoutBinding);