When Idp issues a SAML assertion and it is received by SP. When validates the assertion st SP before granting access. Does SP validates the assertion in its own application or it makes a call to Idp for assertion validation?
If SP validates assertion locally then how does logout works i.e. logging out the session in all the SPs from Idp (Logout Request)?