We're running CA PAM, when I protect the application with SAML, thenthe SLO functionality doesn't work as expected. I don't get logged offthe application even if I have clicked on the logoff button.
My environment is integrated with CA Single Sign-On 12.7 as IdP.
After the logout, when the browser comes back to the IdP, it presentsa SMSESSION cookie. As this session is still valid, then the IdP sidedoesn't request you any credentials, and IdP sends the SAML responseto the SP PAM side. That's why you get the impression that the Logoutfunctionality doesn't work with SAML.
But in order to make the logout button to remove the SP and the IdPcookies, you need to open an Idea on the PAM product. You shouldrequest PAM SAML Authentication functionality to implement the fullSAML SLO functionality.
KB : KB000071352