I am trying to handle user session timeouts at the service provider, and we may not have a user agent/web browser in cases where the user has suddenly closed the browser. In this case, we want the SP to notify the IDP to end the IDP's user session by sending a logout request.
This is my understanding of initiating a logout request without the web browser; correct me if I am wrong:
1) SP creates SAML Artifact (SAMLArt parameter & optionally RelayState parameter) corresponding to logout request and sends to IDP.
2) IDP responds by sending <ArtifactResolve> to SP's ArtifactResolutionService.
3) SP's ArtifactResolutionService responds by returning <ArtifactResponse> containing LogoutRequest.
4) IDP creates SAML Artifact corresponding to logout response and sends to SP.
5) SP responds by sending <ArtifactResolve> to IDP's ArtifactResolutionService.
6) IDP's ArtifactResolutionService responds by returning <ArtifactResponse> containing LogoutResponse.
Question: To which endpoint at the IDP should the SP send the SAML Artifact corresponding to the logout request (with the SAMLArt parameter)? It doesn't look like the SP should send it to the IDP's SingleLogoutService HTTP-POST or HTTP-Redirect binding locations.
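For reference on steps 2 and 5 above, this added example (not part of the original post) shows how the receiver of a SAML 2.0 type 0x0004 artifact works out which ArtifactResolutionService to send <ArtifactResolve> to, and rejects artifacts from issuers it does not trust. The entity IDs, URLs and the `TRUSTED` metadata map are constructed assumptions.

```python
import base64
import hashlib
import struct

TYPE_CODE = 0x0004  # the artifact format defined by SAML 2.0 Bindings

# Constructed sample metadata: entityID -> {index: ArtifactResolutionService URL}
TRUSTED = {
    "https://sp.example.test/metadata": {0: "https://sp.example.test/saml/ars"},
    "https://idp.example.test/metadata": {0: "https://idp.example.test/saml/ars"},
}

def source_id(entity_id):
    # The spec defines SourceID as the SHA-1 hash of the issuer's entityID.
    return hashlib.sha1(entity_id.encode("utf-8")).digest()

def build_artifact(entity_id, endpoint_index, handle):
    """TypeCode(2) | EndpointIndex(2) | SourceID(20) | MessageHandle(20), base64."""
    if len(handle) != 20:
        raise ValueError("MessageHandle must be 20 bytes")
    raw = struct.pack(">HH", TYPE_CODE, endpoint_index) + source_id(entity_id) + handle
    return base64.b64encode(raw).decode("ascii")

def parse_artifact(samlart):
    raw = base64.b64decode(samlart, validate=True)
    if len(raw) != 44:
        raise ValueError("a type 0x0004 artifact is exactly 44 bytes")
    type_code, endpoint_index = struct.unpack(">HH", raw[:4])
    if type_code != TYPE_CODE:
        raise ValueError("unsupported artifact type code")
    return endpoint_index, raw[4:24], raw[24:]

def resolution_endpoint(samlart, trusted=TRUSTED):
    """Return (issuer entityID, URL to send <ArtifactResolve> to)."""
    endpoint_index, sid, _handle = parse_artifact(samlart)
    for entity_id, endpoints in trusted.items():
        if source_id(entity_id) == sid:
            if endpoint_index not in endpoints:
                raise LookupError("issuer has no resolution endpoint with that index")
            return entity_id, endpoints[endpoint_index]
    raise LookupError("artifact issuer is not in trusted metadata")

if __name__ == "__main__":
    # Fixed handle for a repeatable demo; a real MessageHandle is 20 random bytes.
    art = build_artifact("https://sp.example.test/metadata", 0, bytes(range(20)))
    print(art, "->", resolution_endpoint(art))
```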