
I am running Apache 2.4.7 on an Oracle Linux 8.5 compute instance. I have the mod_auth_mellon 0.14 module installed and configured per all the documentation.

I have succeeded in performing an SP-initiated SSO login to my application, but when I attempt to log out of the SSO session using the following URL:

https://example.com/mellon/logout/?ReturnTo=/logout.html

I get a 404 page not found error.

After enabling mellon diagnostics I see the following error message at the end of the request diagnostics for this GET request:

[APLOG_ERR auth_mellon_handler.c:3551] Endpoint "logout/" not handled by mod_auth_mellon

My sp_metadata.xml file is as follows:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<EntityDescriptor
 entityID="https://example.com/mellon/metadata"
 xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
 <SPSSODescriptor
   AuthnRequestsSigned="true"
   WantAssertionsSigned="true"
   protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
   <KeyDescriptor use="signing">
     <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
       <ds:X509Data>
         <ds:X509Certificate>MIICvDCCAaQCCQDRIF/j7C1rITANBgkqhkiG9w0BAQsFADAgMR4wHAYDVQQDDBVh...</ds:X509Certificate>
       </ds:X509Data>
     </ds:KeyInfo>
   </KeyDescriptor>
   <KeyDescriptor use="encryption">
     <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
       <ds:X509Data>
         <ds:X509Certificate>MIICvDCCAaQCCQDRIF/j7C1rITANBgkqhkiG9w0BAQsFADAgMR4wHAYDVQQDDBVh...</ds:X509Certificate>
       </ds:X509Data>
     </ds:KeyInfo>
   </KeyDescriptor>
   <SingleLogoutService
     Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
     Location="https://example.com/mellon/logout" />
   <SingleLogoutService
     Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
     Location="https://example.com/mellon/logout" />
   <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
   <AssertionConsumerService
     index="0"
     isDefault="true"
     Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
     Location="https://example.com/mellon/postResponse" />
   <AssertionConsumerService
     index="1"
     Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
     Location="https://example.com/mellon/artifactResponse" />
   <AssertionConsumerService
     index="2"
     Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS"
     Location="https://example.com/mellon/paosResponse" />
 </SPSSODescriptor>
</EntityDescriptor>
dnraikes

1 Answer

According to the documentation here: https://github.com/latchset/mod_auth_mellon#logging-out

Your syntax is incorrect.

It should be:
https://example.com/mellon/logout?ReturnTo=/logout.html
(notice the removed slash after logout)

Tyler2P
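
A pre-deployment check for the mismatch discussed above, added here as an example (it is not part of the original posts or of mod_auth_mellon): it reads the SingleLogoutService locations from SP metadata and reports when a logout link's path differs from them, including the trailing-slash case. The function names and the trimmed inline metadata are constructed for illustration, and the check assumes the deployed endpoint matches what the metadata declares.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD_NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}

# Constructed sample: the question's SP metadata trimmed to its logout endpoints.
SP_METADATA = """<EntityDescriptor entityID="https://example.com/mellon/metadata"
  xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <SingleLogoutService
      Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
      Location="https://example.com/mellon/logout" />
    <SingleLogoutService
      Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
      Location="https://example.com/mellon/logout" />
  </SPSSODescriptor>
</EntityDescriptor>"""


def logout_locations(metadata_xml):
    """Return the set of SingleLogoutService Location URLs in the SP metadata."""
    root = ET.fromstring(metadata_xml)
    path = ".//md:SPSSODescriptor/md:SingleLogoutService"
    return {el.attrib["Location"] for el in root.iterfind(path, MD_NS)}


def _origin_and_path(url):
    """Split a URL into ((scheme, host), path); the query string is ignored."""
    parts = urlsplit(url)
    return (parts.scheme, parts.netloc), parts.path


def check_logout_link(link, metadata_xml):
    """Return (ok, message) for a logout link compared with the declared endpoints."""
    origin, path = _origin_and_path(link)
    declared = [_origin_and_path(loc) for loc in sorted(logout_locations(metadata_xml))]
    if not declared:
        return False, "metadata declares no SingleLogoutService"
    if (origin, path) in declared:
        return True, "path matches a declared SingleLogoutService Location"
    for d_origin, d_path in declared:
        # Same endpoint apart from a trailing slash: the case from the question.
        if d_origin == origin and d_path.rstrip("/") == path.rstrip("/"):
            return False, f"trailing-slash mismatch: link {path!r}, metadata {d_path!r}"
    return False, f"{path!r} is not a declared logout endpoint"


if __name__ == "__main__":
    for link in ("https://example.com/mellon/logout/?ReturnTo=/logout.html",
                 "https://example.com/mellon/logout?ReturnTo=/logout.html"):
        print(link, "->", check_logout_link(link, SP_METADATA))
```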