Explore options to forcing immediate logout of a Liferay SAML SP when the user changes their password on the SAML IDP which authenticated their session. Some thoughts...
- Liferay SP could support SOAP SLO binding
- Liferay SP should take the "notAfter" assertion attribute into account (but it still allows for some delay before SP logout)
- Liferay SP can frequently poll the IDP for IdP session validity. Likely a proprietary Liferay SP+IDP feature