SAML - Can you end the Identity Provider's session when the Service Provider's session times out?
Orsolya Hegedus
Issue
We have Liferay configured as a SAML Service Provider (SP), and we use third-party software as the Identity Provider (IdP).
Our IdP is used for multiple applications, so its session timeout is set for a longer timeframe than any of the Service Providers'.
When the session ends in Liferay (SP), the user does not get logged out due to the IdP's longer session timeout value.
Environment
Liferay DXP 7.3+
Resolution
Liferay is configured to always respect the Identity Provider's session timeout values.
A possible User scenario demonstrates why this behavior occurs:
The User logs into a website built on top of Liferay, then leaves the browser tab open.
The User then logs in to another website that uses the same Identity Provider as the Liferay website.
The session times out on the Liferay website while the User is working on the other site.
If the Liferay site initiates a Single Logout request to the Identity Provider, the User is logged out of the other site, resulting in their work being lost.
A possible workaround: In SAML Admin, check the ForceAuthn checkbox. This will not end the IdP's session, but it will force the user to enter their credentials again when redirected to the IdP's login page. This redirection typically happens when the Liferay (SP) session times out.
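The following added example (not Liferay's code) shows what the ForceAuthn checkbox changes on the wire and how a conforming IdP acts on it: the SP's AuthnRequest carries ForceAuthn="true", the IdP prompts for credentials even though its own session is still alive, and no Single Logout is sent, so other SPs sharing the IdP are unaffected. Entity IDs, URLs and the request ID are constructed placeholders.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"


def build_authn_request(sp_entity_id: str, idp_sso_url: str, force_authn: bool) -> str:
    """SP side: build a minimal, unsigned AuthnRequest (constructed example).
    ForceAuthn is the attribute the SAML Admin checkbox controls."""
    issue_instant = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    req = ET.Element(f"{{{SAMLP}}}AuthnRequest", {
        "ID": "_example-request-id",  # placeholder; real IDs are random
        "Version": "2.0",
        "IssueInstant": issue_instant,
        "Destination": idp_sso_url,
        "ForceAuthn": "true" if force_authn else "false",
    })
    ET.SubElement(req, f"{{{SAML}}}Issuer").text = sp_entity_id
    return ET.tostring(req, encoding="unicode")


def requests_forced_authn(authn_request_xml: str) -> bool:
    """IdP side: read ForceAuthn. An absent attribute means false (SAML 2.0 Core)."""
    root = ET.fromstring(authn_request_xml)
    if root.tag != f"{{{SAMLP}}}AuthnRequest":
        raise ValueError("not a SAML 2.0 AuthnRequest")
    return root.get("ForceAuthn", "false").strip().lower() == "true"


def idp_must_prompt(authn_request_xml: str, idp_session_alive: bool) -> bool:
    """Simplified IdP decision: prompt for credentials when the IdP has no live
    session for this browser, or when the SP demanded fresh authentication.
    The existing IdP session is neither consulted for SSO nor terminated, which
    is why the other site in the scenario above keeps its session."""
    return (not idp_session_alive) or requests_forced_authn(authn_request_xml)


if __name__ == "__main__":
    sp, idp = "https://liferay.example.test/c/portal/saml/metadata", "https://idp.example.test/sso"
    normal = build_authn_request(sp, idp, force_authn=False)
    forced = build_authn_request(sp, idp, force_authn=True)
    # Liferay session timed out, IdP session still alive:
    print("without ForceAuthn, IdP prompts:", idp_must_prompt(normal, idp_session_alive=True))
    print("with ForceAuthn, IdP prompts:   ", idp_must_prompt(forced, idp_session_alive=True))
```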