Login always stores user credentials even after logout

Hi and welcome to Auth0 @ines.nogueira !

Thank you for describing your problem!

This way you have cleared the application layer session (local session), but not Auth0 or the upstream IdP sessions.

This is a correct step on your side (to use the federated logout). Based on my research, it's now up to the upstream IdP (Identity Provider) how this will be handled. If I understand correctly, a desired outcome is to terminate sessions on SAML SPs (Service Providers, Auth0 and your SPA app in this case). This is called SLO (Single Logout), so that once the user attempts to log in again, a new session has to be established (credentials have to be submitted by the user).

There is a FAQ on this topic, but specifically, this part seems to be relevant to your use case:

On receiving the request, the IdP may or may not do a full SLO flow to any other SAML SPs associated with the session (this is entirely up to how the IdP manages sessions and SLO and not related to Auth0 in any way). Eventually, the IdP will return a logout response to Auth0. If the status of this response is "success" then Auth0 terminates the user's Auth0 session. If the response does not indicate success then the user's session remains active.

Based on the diagram there, you can inspect the network calls to see more of what's happening when your app calls the /logout endpoint.

While you discover the topic, please let me know about any questions that come your way, happy to help!
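As an added example (not Auth0's code and not from anyone in this thread), the Python below models the three session layers this reply describes (application, Auth0, upstream IdP) and the FAQ's rule that Auth0 only ends its own session on a successful IdP logout response. It assumes Auth0's /v2/logout endpoint with its client_id, returnTo and federated query parameters; the SAML LogoutResponse is constructed, not captured from a real IdP.

```python
# Added example, not code from Auth0 or from this thread. It models the three session
# layers described above (application, Auth0, upstream IdP) and assumes Auth0's
# /v2/logout endpoint with its client_id, returnTo and federated query parameters.
from urllib.parse import urlencode
import xml.etree.ElementTree as ET

SAML_SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
SAMLP = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol"}

def logout_url(domain, client_id, return_to, federated=False):
    """Build the Auth0 logout URL. Without 'federated' only the Auth0 session is
    cleared; with it Auth0 also sends a logout request to the upstream IdP."""
    url = f"https://{domain}/v2/logout?" + urlencode({"client_id": client_id, "returnTo": return_to})
    return url + "&federated" if federated else url

def idp_logout_succeeded(logout_response_xml):
    """True only if the IdP's SAML LogoutResponse carries a Success status code;
    per the FAQ quoted above, Auth0 ends its own session only in that case."""
    root = ET.fromstring(logout_response_xml)
    code = root.find("samlp:Status/samlp:StatusCode", SAMLP)
    return code is not None and code.get("Value") == SAML_SUCCESS

def remaining_sessions(cleared_local, called_auth0_logout, federated, idp_response_xml=None):
    """Which of the three sessions still exist after a logout attempt, following the
    reply above: a local clear alone leaves the Auth0 and IdP sessions; /v2/logout without
    'federated' leaves the IdP session; with 'federated' the outcome depends on the IdP."""
    remaining = set()
    if not cleared_local:
        remaining.add("application")
    if not called_auth0_logout:
        remaining.update({"auth0", "idp"})
        return remaining
    if not federated:
        remaining.add("idp")
        return remaining
    if idp_response_xml is None or not idp_logout_succeeded(idp_response_xml):
        remaining.update({"auth0", "idp"})  # IdP did not confirm: Auth0 keeps its session
    return remaining

# Constructed sample LogoutResponse, not captured from a real IdP.
SUCCESS_RESPONSE = """<samlp:LogoutResponse xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  ID="_resp1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
</samlp:LogoutResponse>"""
FAILED_RESPONSE = SUCCESS_RESPONSE.replace("status:Success", "status:Requester")

if __name__ == "__main__":
    print(logout_url("example.auth0.com", "abc123", "https://app.example.com/", federated=True))
    print(remaining_sessions(True, True, True, FAILED_RESPONSE))
```

Comparing the network call your SPA makes against the URL the first function builds shows which layer your current logout actually reaches.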