Just to clarify, it IS destroying the user session to Gluu -- if you browse to https://idp.company.com/ the user IS presented with a login screen, but if you browse back to any RP/SP login URL, the user is sent straight to application as it appears that SSO SAML session cookies are still present in browser.
The only way user can fully log out currently is to get redirected to /idp/logout.jsp, then close browser completely (Not just tab or window), then open browser and browse to SP login URL again.
So, to reiterate, is there something I need to configure on the SAML idP to have /idp/logout.jsp destroy all SSO session cookies/tokens?
Thanks.