Expected Behavior
The SAML Single Logout (initiated by relying party) should use LogoutConfigurer.getLogoutRequestMatcher(...), combined with Saml2LogoutConfigurer.Saml2RequestMatcher to detect logout requests.
It would also be great if the logoutMatcher could be customized, because Saml2LogoutConfigurer.Saml2RequestMatcher is not always desirable.
Current Behavior
Currently, only a single logout URL can be configured with Saml2LogoutConfigurer, while LogoutConfigurer allows full customization of the RequestMatcher. If that matcher is not a simple "must be a POST to a single URL", the LogoutFilter created by Saml2LogoutConfigurer cannot be configured appropriately.
Context
I have an application with different logout URLs that redirect the user to different logout success URLs. That requires a complex RequestMatcher in LogoutConfigurer, and it cannot currently be done in Saml2LogoutConfigurer.
Workaround: Configure an ObjectPostProcessor on Saml2LogoutConfigurer that creates the LogoutFilter from scratch.
Naming might get a bit messy here, because logoutRequestMatcher might mean "request matcher for the logout" or "matcher for the SAML LogoutRequest".
Expected Behavior
The SAML Single Logout (initiated by relying party) should use
LogoutConfigurer.getLogoutRequestMatcher(...), combined withSaml2LogoutConfigurer.Saml2RequestMatcherto detect logout requests.It would also be great if the
logoutMatchercould be customized, becauseSaml2LogoutConfigurer.Saml2RequestMatcheris not always desirable.Current Behavior
Currently, only a single logout URL can be configured with
Saml2LogoutConfigurer, whileLogoutConfigurerallows full customization of theRequestMatcher. If that matcher is not a simple "must be a POST to a single URL", theLogoutFiltercreated bySaml2LogoutConfigurercannot be configured appropriately.Context
I have an application with different logout URLs that redirect the user to different logout success URLs. That requires a complex
RequestMatcherinLogoutConfigurer, and it cannot currently be done inSaml2LogoutConfigurer.Workaround: Configure an
ObjectPostProcessoronSaml2LogoutConfigurerthat creates theLogoutFilterfrom scratch.Naming might get a bit messy here, because
logoutRequestMatchermight mean "request matcher for the logout" or "matcher for the SAML LogoutRequest".