Description
Describe the bug
Each RelyingParty can specify its own logout URL properties, but doing that results in having to change the RequestMatcher used by Saml2LogoutRequest/ResponseFilter manually to match those different URLs. It could be confusing to allow multiple relying parties to be defined with different locations that ultimately have no effect (or an undefined effect) on the behavior.
In both the logout request and logout response filters, the payload validation is going to check the URI against the registration's configured URI anyway. With that said, we should resolve the RequestMatcher based on what's in the RelyingPartyRegistration.
Expected behavior
Saml2LogoutRequestFilter and Saml2LogoutResponseFilter should consider singleLogoutServiceLocation and singleLogoutServiceResponseLocation in the RequestMatcher.
Related:
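An added sketch, not part of the issue and not Spring Security's own code: one way a `RequestMatcher` could be derived from each registration's `singleLogoutServiceLocation` and `singleLogoutServiceResponseLocation`. The class name `RegistrationSloRequestMatcher` is hypothetical, and the code assumes the locations are absolute URLs or use only the `{baseUrl}` and `{registrationId}` placeholders.

```java
import java.net.URI;

import jakarta.servlet.http.HttpServletRequest; // assumption: Spring Security 6; use javax.servlet on 5.x

import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
import org.springframework.security.web.util.matcher.RequestMatcher;

/** Hypothetical helper: matches only the SLO endpoints that the registrations declare. */
public final class RegistrationSloRequestMatcher implements RequestMatcher {

    private final Iterable<RelyingPartyRegistration> registrations;

    private final boolean forLogoutResponse;

    public RegistrationSloRequestMatcher(Iterable<RelyingPartyRegistration> registrations,
            boolean forLogoutResponse) {
        this.registrations = registrations;
        this.forLogoutResponse = forLogoutResponse;
    }

    @Override
    public boolean matches(HttpServletRequest request) {
        // Only requests that carry the SAML message are candidates for the filter.
        String parameter = this.forLogoutResponse ? "SAMLResponse" : "SAMLRequest";
        if (request.getParameter(parameter) == null) {
            return false;
        }
        for (RelyingPartyRegistration registration : this.registrations) {
            String location = this.forLogoutResponse
                    ? registration.getSingleLogoutServiceResponseLocation()
                    : registration.getSingleLogoutServiceLocation();
            // Exact path comparison: this only routes the request to the filter;
            // payload validation still checks the message against the registration.
            if (location != null
                    && request.getRequestURI().equals(expectedPath(location, registration, request))) {
                return true;
            }
        }
        return false;
    }

    private static String expectedPath(String location, RelyingPartyRegistration registration,
            HttpServletRequest request) {
        // {baseUrl} ends with the context path, so substituting the context path yields the request path.
        String resolved = location.replace("{baseUrl}", request.getContextPath())
                .replace("{registrationId}", registration.getRegistrationId());
        return URI.create(resolved).getPath();
    }
}
```

An instance built with `forLogoutResponse = false` would serve as the matcher for Saml2LogoutRequestFilter and one built with `true` for Saml2LogoutResponseFilter, replacing the manual per-URL matcher change the issue describes.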