Remove SAML 2.0 Logout Default

Closes gh-10607

docs/modules/ROOT/pages/servlet/saml2/logout.adoc

@@ -35,6 +35,7 @@ RelyingPartyRegistrationRepository registrations() {
     RelyingPartyRegistration registration = RelyingPartyRegistrations
             .fromMetadataLocation("https://ap.example.org/metadata")
             .registrationId("id")
+            .singleLogoutServiceLocation("{baseUrl}/logout/saml2/slo")
             .signingX509Credentials((signing) -> signing.add(credential)) <1>
             .build();
     return new InMemoryRelyingPartyRegistrationRepository(registration);
@@ -73,6 +74,10 @@ Also, your application can participate in an AP-initiated logout when the assert
 3. Create, sign, and serialize a `<saml2:LogoutResponse>` based on the xref:servlet/saml2/login/overview.adoc#servlet-saml2login-relyingpartyregistration[`RelyingPartyRegistration`] associated with the just logged-out user
 4. Send a redirect or post to the asserting party based on the xref:servlet/saml2/login/overview.adoc#servlet-saml2login-relyingpartyregistration[`RelyingPartyRegistration`]
 
+NOTE: Adding `saml2Logout` adds the capability for logout to the service provider.
+Because it is an optional capability, you need to enable it for each individual `RelyingPartyRegistration`.
+You can do this by setting the `RelyingPartyRegistration.Builder#singleLogoutServiceLocation` property.
+
 == Configuring Logout Endpoints
 
 There are three behaviors that can be triggered by different endpoints:

saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistration.java

@@ -1014,7 +1014,7 @@ public final class RelyingPartyRegistration {
 
 		private Saml2MessageBinding assertionConsumerServiceBinding = Saml2MessageBinding.POST;
 
-		private String singleLogoutServiceLocation = "{baseUrl}/logout/saml2/slo";
+		private String singleLogoutServiceLocation;
 
 		private String singleLogoutServiceResponseLocation;