1. While implementing SAML with CA Federation (we are acting as an IdP and uses SP initiated SSO), is it mandatory to configure Single Log Out (SLO)? I know SLO clears all sessions. But is it needed to clear only one session? Isn't it enough if SP simply calls IdP logout API URI? The Logout URI is configured using SiteMinder logoffuri parameter on the IdP side. Does SAML or CA Federation has its own session apart from SiteMinder's?
2. Is SiteMinder logout call an async or sync call? When SiteMinder intercepts the logout URI from the client, does it clear the SiteMinder session first and then passes the request to backend API or it happens simultaneously?
Thanks in advance.