We have two apps where auth0 is the identity provider. One app uses auth0 library / OIDC mechanism and another uses SAML for authentication.
SAML app provides an embed (using iframes) and access to it is through the OIDC app. SSO works seamlessly. A user logs into the OIDC app and the SAML app in iframe doesn’t require re-authentication.
However, when we initiate a logout from the OIDC app, SAML session remains and the user remains signed into SAML app post logout. We are now planning to call the logout page in the SAML app on logout from the OIDC app. Is this the right thing to do? Are there better options available?