I am implementing SLO with python3-saml library in my application however at the moment to hook the behavior to close the session I dont get how to identify what is the session I need to close.
In a IdP-initiated SLO my application (the SP) gets a Logout Request message which includes the NameID that identifies the user. However, I am reluctant to use the NameID because it would result in closing all sessions for a particular user even if the original session being closed is in a different computer/device/browser.
Also, my application do not rely on cookies to identify sessions.