Single SignOn is easy, Single SignOut is not
In a recent post from his blog, Premier Developer Consultant Marius Rochon talks about problems with single SignOut.
Single Sign In relies on the token issuer holding on to a cookie, which tells it about the user identity after the first signin. The issuer can then respond to a request for token in whatever protocol it came in (WSFed, SAML, OpendIDConnect, etc.).