logoutEndpoint on the SingleSignOnFilter does not take query parameters into consideration, see org/forgerock/openig/openam/SingleSignOnFilter.java:
It only checks the path. Customers may use query parameters to trigger logout on their application.
Application = http://app.example.com/app
Logout = http://app.example.com/app?appLogout
- Pay attention to backward compatibility
- Deprecate logoutEndpoint attribute in favour of a new attribute based on expression