Federation Single Logout (SLO) myth
SAML and other federation standards have always touted their cross-domain single logout feature.
Management often takes this to be a breakthrough in SSO, not knowing that the touted "single logout" is actually just a string of redirects through each component and back to the source.
The only improvement I can see is that the URLs are maintained in the SLO configuration and can be changed without touching the logout page source.
But existing SSO solutions with multi-domain sites can do this too.
The core issue with multi-domain logout is that such a string of redirects leaves the logout flow hostage to the weakest link in the chain. For example, if the flow has to redirect through applications A, B, C and D and back to the federation server, and C is down for scheduled maintenance or has suddenly failed, the whole logout stops at C and the user is left hanging, wondering what happened.
Because it is not a back-end logout process, any exception in the chain surfaces to the end user, which is not desirable.
Some custom implementations have done back-end logout with agents that send and receive session notifications, but there will always be some lag between this session synchronization and the user's next click (a race condition: whichever is faster determines what the end user sees).
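To make the weak-link argument concrete, here is an added Python simulation (not from the original post) of a front-channel redirect chain next to a back-channel notification loop with a per-SP timeout; the SP names, latencies and timeout value are constructed, and the race condition is not modelled.

```python
"""Simulation of the two logout styles the post contrasts.
SP names, latencies and the timeout are constructed values."""
import time
from concurrent.futures import ThreadPoolExecutor
from concurrent.futures import TimeoutError as FutureTimeout

# Constructed sample: response delay per service provider in seconds.
# None means the SP is down; 0.6 s stands in for a host under maintenance.
SP_LATENCY = {"A": 0.01, "B": 0.01, "C": None, "D": 0.6, "E": 0.01}


def sp_logout(sp):
    """One SP ending its local session (raises when the SP is unreachable)."""
    delay = SP_LATENCY[sp]
    if delay is None:
        raise ConnectionError(f"{sp} unreachable")
    time.sleep(delay)
    return sp


def front_channel_slo(sps):
    """Browser is redirected A -> B -> C -> ... -> federation server.
    The next hop exists only if the current SP answers, so the first SP
    that does not respond leaves the user stranded on that hop."""
    done = []
    for sp in sps:
        try:
            done.append(sp_logout(sp))
        except ConnectionError:
            return {"done": done, "stuck_at": sp, "completed": False}
    return {"done": done, "stuck_at": None, "completed": True}


def back_channel_slo(sps, timeout=0.2):
    """Federation server notifies every SP itself, in parallel, with a
    per-SP timeout; failures are recorded and the flow still completes,
    so the user gets a logout confirmation and operators get a failure list."""
    done, failed = [], []
    ex = ThreadPoolExecutor(max_workers=len(sps))
    futures = {sp: ex.submit(sp_logout, sp) for sp in sps}
    for sp, fut in futures.items():
        try:
            done.append(fut.result(timeout=timeout))
        except (ConnectionError, FutureTimeout):
            failed.append(sp)
    ex.shutdown(wait=False)  # do not let a hung SP block the user's logout
    return {"done": done, "failed": failed, "completed": True}
```

The failed list from the back-channel variant is what a monitoring rule should alert on, since those SPs still hold a live session after the user believes they are logged out.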
So, the next time you hear a sales pitch on federation SLO, think again.