Closed
Description
When configuring the SAML logout configuration the LogoutFilter is ordered last. It turns out that the org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer configures a standard org.springframework.security.web.authentication.logout.LogoutFilter and tries to order it before an already existing org.springframework.security.web.authentication.logout.LogoutFilter which doesn't have any effect and the added filter isn't ordered before the existing filter. My solution was to just extend the org.springframework.security.web.authentication.logout.LogoutFilter and add that instead so the ordering works.