I have a Service site that works as SAML SP.(Federated site)
And I also have a Gluu Server as SAML IDP.
Users login to the Service site through Gluu Server.
I set a frontchannel logout uri in Gluu Server as Service site's logout url.
And I provide logout url as 'https://<Gluu Server Hostname>/idp/logout.jsp' from the Service site and it works well.
(Users can logout from both Gluu Server and Service site)
But the problem is that users can access Gluu Server itself to edit their profile.
When users logout from Gluu Server itself, they'll use the logout button in Gluu Server's main page and the button's url is 'https://<Gluu Server Hostname>/identity/logout'.
This url('https://<Gluu Server Hostname>/identity/logout') works only with the Gluu Server not frontchannel logout uri(Service site's logout url).
Actually, I'm not sure that the frontchannel logout feature apply to SAML because frontchannel logout feature belongs to OpenID Connect not SAML.
I followed 'https://gluu.org/docs/ce/3.1.1/operation/logout/'