SAML logout on 9.0.2

Hi, I have a newly deployed 9.0.2 docker container with keycloak in. When I configure my application to use it, I cannot logout. I get an error in the console :
“Can’t finish SAML logout as there is no logout binding set. Please configure the logout service url in the admin console for your client applications.”

Which I have done, otherwise, it wouldn’t be getting back to keycloak!
The request :
method POST
body <?xml version="1.0" encoding="UTF-8"?><saml2p:LogoutRequest xmlns:saml2p=“urn:oasis:names:tc:SAML:2.0:protocol”
Destination=“” ID="_fa08ef61ab01a203eea85e4912515d9b" IssueInstant=“2020-04-06T19:09:40.000Z” Version=“2.0”><saml2:Issuer xmlns:saml2=“urn:oasis:names:tc:SAML:2.0:assertion”></saml2:Issuer><ds:Signature xmlns:ds=“”>

Shows a 400 error in the browser.

Configuring the SAML app to point at an old Keycloak I happen to still have (4.8.3) and logout suddenly works, with almost exactly the same config. (obviously changed the name of the KC server and had to create a new client on it etc. but using the same exported XML from the application)

So, is logout broken in 9.0.2 or completely different in some way??

I think I had this working in mid March (on 9.0.0 or a late 8.x maybe) so it is possibly just a 9.0.1 or 2 issue.

OK, I found that the “Fine Grain SAML Endpoint Configuration” had nothing set for the logout binding. I’ve never set anything in there before to my knowledge! Certainly not today. And when I create the client on the old version it is populated. On the 9.0.2 it isn’t…