Manually force Shibboleth SP to expire/invalidate all sessions

[Cantor, Scott]

> Would it be possible to pull something (NameId) from a log file and use that
> information to synthetically generate a browser-logout-simulating web
> request?

The SP enforces "my own session only" logout right now except back channel. A signed request over SOAP would do it, yes (but again, without the IdP knowing it's pointless since the user would just be able to log right back in).

-- Scott