SAML 2.0 – What is the best practice for Single Log Out after Service Provider session inactivity?
I’m curious what the best practice consensus is on this: For SAML 2.0 SLO, should the Service Provider’s session timeout trigger Single Log Out out of the IDP account? Does the spec speak to this?