When Idp issues a SAML assertion and it
is received by SP. When validates the assertion st SP before granting
access. Does SP validates the assertion in its own application or it
makes a call to Idp for assertion validation?
If SP validates assertion locally then how does logout works
i.e. logging out the session in all the SPs from Idp (Logout Request)?