Description
Expected Behavior
The SAML Single Logout (initiated by the relying party) should use LogoutConfigurer.getLogoutRequestMatcher(...), combined with Saml2LogoutConfigurer.Saml2RequestMatcher, to detect logout requests.
It would also be great if the logoutMatcher could be customized, because Saml2LogoutConfigurer.Saml2RequestMatcher is not always desirable.
Current Behavior
Currently, only a single logout URL can be configured with Saml2LogoutConfigurer, while LogoutConfigurer allows full customization of the RequestMatcher. If that matcher is not a simple "must be a POST to a single URL", the LogoutFilter created by Saml2LogoutConfigurer cannot be configured appropriately.
Context
I have an application with different logout URLs that redirect the user to different logout success URLs. That requires a complex RequestMatcher in LogoutConfigurer, and it cannot currently be done in Saml2LogoutConfigurer.
Workaround: Configure an ObjectPostProcessor on Saml2LogoutConfigurer that creates the LogoutFilter from scratch.
Naming might get a bit messy here, because logoutRequestMatcher might mean "request matcher for the logout" or "matcher for the SAML LogoutRequest".
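The workaround above, as an added example that is neither the issue author's code nor part of Spring Security: rather than building the LogoutFilter from scratch, the ObjectPostProcessor keeps the filter Saml2LogoutConfigurer builds and only replaces its request matcher, so LogoutConfigurer and the SAML logout path agree on the same multi-URL matcher. It assumes a Spring Security 5.6/5.7-era API (package names, AntPathRequestMatcher), the two logout routes and success URLs are made up, and SAML_SESSION is a constructed stand-in for the private Saml2RequestMatcher.

```java
import static org.springframework.security.config.Customizer.withDefaults;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.ObjectPostProcessor;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticatedPrincipal;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.logout.LogoutFilter;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
import org.springframework.security.web.util.matcher.AndRequestMatcher;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.OrRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;

@Configuration
public class MultiUrlSamlLogoutConfig {
    // Assumed application routes: two logout endpoints, each with its own success URL.
    private static final RequestMatcher LOGOUT_ROUTES = new OrRequestMatcher(
            new AntPathRequestMatcher("/logout/portal", "POST"),
            new AntPathRequestMatcher("/logout/admin", "POST"));
    // Constructed stand-in for the private Saml2LogoutConfigurer.Saml2RequestMatcher:
    // only send a logout through SAML SLO when the session was SAML-authenticated.
    private static final RequestMatcher SAML_SESSION = request -> {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        return auth != null && auth.getPrincipal() instanceof Saml2AuthenticatedPrincipal;
    };
    // Route-dependent success URL for the plain (non-SAML) logout path.
    private static final LogoutSuccessHandler ROUTE_AWARE_SUCCESS = (request, response, auth) ->
            response.sendRedirect(request.getRequestURI().endsWith("/admin") ? "/admin/goodbye" : "/goodbye");

    @Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            .saml2Login(withDefaults())
            // LogoutConfigurer accepts any RequestMatcher ...
            .logout(logout -> logout.logoutRequestMatcher(LOGOUT_ROUTES).logoutSuccessHandler(ROUTE_AWARE_SUCCESS))
            // ... but Saml2LogoutConfigurer only takes a single logoutUrl, so swap the matcher on the
            // LogoutFilter it builds, keeping the SAML-session guard so non-SAML logouts fall through.
            .saml2Logout(saml2 -> saml2.addObjectPostProcessor(new ObjectPostProcessor<LogoutFilter>() {
                @Override
                public <O extends LogoutFilter> O postProcess(O filter) {
                    filter.setLogoutRequestMatcher(new AndRequestMatcher(LOGOUT_ROUTES, SAML_SESSION));
                    return filter;
                }
            }));
        return http.build();
    }
}
```

The post-processor is typed to LogoutFilter, so the other filters Saml2LogoutConfigurer creates (LogoutRequest and LogoutResponse handling) are left untouched.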